lucastealer | lutop1[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

lutop1.zip
Size

7.4MB
MD5

23af195ab9407f3b5ddc87531b84c7ed
SHA1

2e0d949f4ecb7d03b7d16bb11fca8eeeb149ed1c
SHA256

fdeb9360b7b9b9afecc2751037019de9498d60b1e8ebd66ebf6bf14cdd61d08f
SHA512

92c931dd3ab189b827f08ef76705c5583db7f7fabd281f7c54cc907acd0b0425a81cd25c73d74b11c733da24fda344fc4d611451c6b46698e6b8c86aef0c8ed5
SSDEEP

196608:DFTzN+O2bGglbo3pxOJL65iRXslvgPlWfW2V:DFTz0HJg6l65iylvUlWu2V

Score

10^/10

lucastealer

Malware Config

Signatures

Luca Stealer payload 1 IoCs

Processes:

resource	yara_rule
static1/unpack001/ww_service.exe	family_lucastealer

Lucastealer family
lucastealer

Files

lutop1.zip
.zip
ww_service.exe
.exe windows x64

0451c9433d3d909d508080949702d7d3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

secur32

LsaEnumerateLogonSessions
LsaGetLogonSessionData
LsaFreeReturnBuffer

kernel32

RtlUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RaiseException
VirtualQuery
GetStringTypeW
GetLastError
Sleep
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
GetModuleFileNameA
GetUserPreferredUILanguages
GetComputerNameExW
TryAcquireSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockShared
CloseHandle
SystemTimeToFileTime
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation
GlobalSize
GlobalLock
GlobalUnlock
GlobalAlloc
GlobalFree
WideCharToMultiByte
MultiByteToWideChar
SleepConditionVariableSRW
GetModuleHandleW
GetProcAddress
lstrlenW
GetQueuedCompletionStatusEx
PostQueuedCompletionStatus
CreateIoCompletionPort
ReadFile
WriteFile
SetFileCompletionNotificationModes
GetSystemInfo
GetModuleHandleA
SetFileInformationByHandle
SetLastError
GetFinalPathNameByHandleW
GetFileInformationByHandle
LocalFree
SetHandleInformation
GetCurrentProcessId
TlsGetValue
TlsSetValue
AddVectoredExceptionHandler
SetThreadStackGuarantee
GetCurrentThread
GetStdHandle
GetConsoleMode
WaitForSingleObject
WriteConsoleW
SwitchToThread
GetCurrentDirectoryW
GetCurrentProcess
ReleaseMutex
CreateMutexA
WaitForSingleObjectEx
LoadLibraryA
GetEnvironmentVariableW
RtlCaptureContext
RtlLookupFunctionEntry
GetEnvironmentStringsW
FormatMessageW
SetEnvironmentVariableW
GetTempPathW
GetModuleFileNameW
GetCommandLineW
CreateFileW
SetFilePointerEx
GetFileInformationByHandleEx
GetFullPathNameW
FlushFileBuffers
DuplicateHandle
FindNextFileW
CreateDirectoryW
FindFirstFileW
FindClose
ReadConsoleW
SleepEx
FreeEnvironmentStringsW
GetFileAttributesW
CreateThread
ExitProcess
TerminateProcess
WakeAllConditionVariable
WakeConditionVariable
QueryPerformanceCounter
QueryPerformanceFrequency
GetSystemTimeAsFileTime
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
DeleteFileW
DeviceIoControl
CopyFileExW
GetFileType
OpenProcess
ReadProcessMemory
GetProcessTimes
VirtualQueryEx
GetSystemTimes
GetProcessIoCounters
GetDriveTypeW
GetVolumeInformationW
GetDiskFreeSpaceExW
GetTickCount64
GlobalMemoryStatusEx
GetLogicalDrives
LoadLibraryExW
FreeLibrary
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
GetSystemDirectoryA
GetTickCount
MoveFileExA
GetEnvironmentVariableA
VerSetConditionMask
VerifyVersionInfoW
CreateFileA
GetFileSizeEx
GetHandleInformation
InitializeSRWLock
InitializeCriticalSection
InitOnceExecuteOnce
RtlVirtualUnwind
MapViewOfFile
CreateFileMappingW
FormatMessageA
GetSystemTime
GetFileSize
LockFileEx
UnlockFile
HeapDestroy
HeapCompact
LoadLibraryW
DeleteFileA
FlushViewOfFile
OutputDebugStringW
GetFileAttributesExW
GetFileAttributesA
GetDiskFreeSpaceA
GetTempPathA
HeapSize
HeapValidate
UnmapViewOfFile
CreateMutexW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
SetFilePointer
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
HeapCreate
AreFileApisANSI
TryEnterCriticalSection
GetCurrentThreadId
RtlUnwindEx
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
SetStdHandle
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetConsoleOutputCP
GetCommandLineA
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
PeekNamedPipe
RtlPcToFileHeader
TlsFree
TlsAlloc
InitializeCriticalSectionAndSpinCount
EncodePointer

user32

GetMonitorInfoW
SetClipboardData
EmptyClipboard
GetClipboardData
EnumDisplaySettingsExW
OpenClipboard
CloseClipboard
EnumDisplayMonitors

crypt32

CertFreeCertificateChain
CertCloseStore
CertDuplicateCertificateContext
CryptStringToBinaryA
CertAddCertificateContextToStore
CryptUnprotectData
PFXImportCertStore
CertOpenStore
CryptDecodeObjectEx
CertFindCertificateInStore
CertFindExtension
CertGetNameStringA
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetEnhancedKeyUsage
CertEnumCertificatesInStore
CertGetCertificateChain
CertFreeCertificateContext

advapi32

CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
GetUserNameW
LookupAccountSidW
GetTokenInformation
RegQueryValueExW
RegOpenKeyExW
OpenProcessToken
CryptAcquireContextA
RegSetValueExA
RegCloseKey
RegGetValueA
RegOpenKeyExA
SystemFunction036
CryptReleaseContext

ole32

CoInitializeSecurity
CoSetProxyBlanket
CoCreateInstance
CoInitializeEx
CoUninitialize
CoTaskMemFree

shell32

SHGetKnownFolderPath
CommandLineToArgvW

ws2_32

connect
socket
listen
getaddrinfo
WSAGetLastError
getsockopt
bind
WSACleanup
closesocket
setsockopt
select
WSAIoctl
WSASend
send
WSARecv
WSAStartup
htonl
__WSAFDIsSet
WSASetLastError
ntohs
htons
recv
shutdown
WSAWaitForMultipleEvents
WSASetEvent
WSAResetEvent
WSAEventSelect
WSAEnumNetworkEvents
ioctlsocket
WSACreateEvent
WSASocketW
getpeername
accept
recvfrom
getsockname
WSACloseEvent
freeaddrinfo

gdi32

GetObjectW
GetDIBits
CreateDCW
GetDeviceCaps
StretchBlt
CreateCompatibleDC
DeleteObject
SelectObject
SetStretchBltMode
CreateCompatibleBitmap
DeleteDC

bcrypt

BCryptCloseAlgorithmProvider
BCryptGenRandom
BCryptOpenAlgorithmProvider

ntdll

NtDeviceIoControlFile
NtCancelIoFileEx
RtlNtStatusToDosError
NtCreateFile
RtlGetVersion
NtQuerySystemInformation
NtQueryInformationProcess

pdh

PdhOpenQueryA
PdhCloseQuery
PdhGetFormattedCounterValue
PdhRemoveCounter
PdhCollectQueryData
PdhAddEnglishCounterW

oleaut32

SafeArrayAccessData
SysAllocStringLen
SysAllocString
SysFreeString
SafeArrayUnaccessData
SafeArrayGetUBound
SafeArrayDestroy
SafeArrayGetLBound
VariantClear

netapi32

NetUserEnum
NetUserGetLocalGroups
NetApiBufferFree

powrprof

CallNtPowerInformation

iphlpapi

FreeMibTable
GetIfTable2
GetIfEntry2

psapi

EnumProcessModulesEx
GetPerformanceInfo
GetModuleFileNameExW

Sections

.text
Size: 16.7MB - Virtual size: 16.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 479.5MB - Virtual size: 479.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 174KB - Virtual size: 183KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 861KB - Virtual size: 860KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0451c9433d3d909d508080949702d7d3

Headers

DLL Characteristics

File Characteristics

Imports

secur32

kernel32

user32

crypt32

advapi32

ole32

shell32

ws2_32

gdi32

bcrypt

ntdll

pdh

oleaut32

netapi32

powrprof

iphlpapi

psapi

Sections

.text Size: 16.7MB - Virtual size: 16.7MB

.rdata Size: 479.5MB - Virtual size: 479.5MB

.data Size: 174KB - Virtual size: 183KB

.pdata Size: 861KB - Virtual size: 860KB

_RDATA Size: 512B - Virtual size: 244B

.reloc Size: 72KB - Virtual size: 71KB

.text
Size: 16.7MB - Virtual size: 16.7MB

.rdata
Size: 479.5MB - Virtual size: 479.5MB

.data
Size: 174KB - Virtual size: 183KB

.pdata
Size: 861KB - Virtual size: 860KB

_RDATA
Size: 512B - Virtual size: 244B

.reloc
Size: 72KB - Virtual size: 71KB