lucastealer | fa446744a959e3817f9e544a83a2b2504d8f4c192ceb96978daa07e064c5aa7b[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

fa446744a959e3817f9e544a83a2b2504d8f4c192ceb96978daa07e064c5aa7b.zip
Size

2.1MB
MD5

6c0a00f0175630cb184e8c0d4e912263
SHA1

059bdced4baffba1d1c332a726b20a4c2bf26e44
SHA256

2d2ade3b8bf0f4be3dd02e2f9619e53f29b245cf57d168fff315fcd0e82f0b88
SHA512

e7086ffaa58ca4f68bd95b32d58541d17639d6ea2c840bd02b1308f5b71eb0fae5aeb076670a193af9b69eff681865e82ba583635a098d440a7e052cc917b753
SSDEEP

49152:Q7xE1B6rZdxEkMBqw9bcgzipDlH6PFAZhOooP2UZVdL0seX:Q7xCkrLx/4bjSpadAfxoP2OgseX

Score

10^/10

lucastealer

Malware Config

Signatures

Luca Stealer payload 1 IoCs

Processes:

resource	yara_rule
static1/unpack001/fa446744a959e3817f9e544a83a2b2504d8f4c192ceb96978daa07e064c5aa7b	family_lucastealer

Lucastealer family
lucastealer

Files

fa446744a959e3817f9e544a83a2b2504d8f4c192ceb96978daa07e064c5aa7b.zip
.zip

Password: threatbook
fa446744a959e3817f9e544a83a2b2504d8f4c192ceb96978daa07e064c5aa7b
.exe windows x64

Password: threatbook

90ab8251bc09220dabf76603ae053404

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

secur32

QueryContextAttributesW
FreeContextBuffer
DeleteSecurityContext
ApplyControlToken
InitializeSecurityContextW
DecryptMessage
AcceptSecurityContext
FreeCredentialsHandle
AcquireCredentialsHandleA
LsaFreeReturnBuffer
LsaGetLogonSessionData
LsaEnumerateLogonSessions
EncryptMessage

kernel32

SwitchToThread
SleepConditionVariableSRW
PostQueuedCompletionStatus
CancelIoEx
CreateIoCompletionPort
SetFileCompletionNotificationModes
WakeConditionVariable
GetSystemInfo
GetFileInformationByHandle
GetModuleHandleA
GetCurrentThread
TryAcquireSRWLockExclusive
GetStdHandle
GetConsoleMode
WaitForSingleObject
WriteConsoleW
SetLastError
WaitForSingleObjectEx
LoadLibraryA
CreateMutexA
GetCurrentProcess
ReleaseMutex
GetEnvironmentVariableW
RtlLookupFunctionEntry
FormatMessageW
GetTempPathW
CreateFileW
SetFilePointerEx
GetFullPathNameW
FindNextFileW
FindFirstFileW
FindClose
CreateThread
ExitProcess
QueryPerformanceCounter
QueryPerformanceFrequency
GetSystemTimeAsFileTime
GetCurrentDirectoryW
RtlCaptureContext
AcquireSRWLockShared
ReleaseSRWLockShared
SetFileInformationByHandle
DuplicateHandle
CopyFileExW
SetHandleInformation
GetDriveTypeW
GetVolumeInformationW
GetDiskFreeSpaceExW
DeviceIoControl
GetProcessTimes
GetSystemTimes
GetProcessIoCounters
LocalFree
ReleaseSRWLockExclusive
VirtualQueryEx
OpenProcess
GlobalMemoryStatusEx
GetQueuedCompletionStatusEx
GetTickCount
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
Sleep
GetSystemDirectoryA
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentVariableA
SleepEx
MoveFileExA
VerSetConditionMask
VerifyVersionInfoW
CreateFileA
GetFileSizeEx
ReadFile
FlushFileBuffers
MapViewOfFile
CreateFileMappingW
FormatMessageA
GetSystemTime
SystemTimeToFileTime
GetCurrentProcessId
GetFileSize
LockFileEx
UnlockFile
HeapDestroy
HeapCompact
LoadLibraryW
DeleteFileA
FlushViewOfFile
OutputDebugStringW
GetFileAttributesExW
GetFileAttributesA
GetDiskFreeSpaceA
GetTempPathA
HeapSize
HeapValidate
UnmapViewOfFile
GetFileAttributesW
CreateMutexW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
SetFilePointer
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
WriteFile
HeapCreate
AreFileApisANSI
InitializeCriticalSection
TryEnterCriticalSection
GetCurrentThreadId
CreateDirectoryW
HeapReAlloc
HeapFree
GetProcessHeap
HeapAlloc
SetThreadStackGuarantee
AddVectoredExceptionHandler
FreeLibrary
GetProcAddress
LoadLibraryExW
GetComputerNameExW
DeleteFileW
GetFileInformationByHandleEx
GetLogicalDrives
GetTickCount64
GetUserPreferredUILanguages
GetLastError
AcquireSRWLockExclusive
WakeAllConditionVariable
CloseHandle
GetModuleHandleW
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
ReadProcessMemory

advapi32

OpenProcessToken
LookupAccountSidW
RegOpenKeyExW
RegQueryValueExW
GetUserNameW
CryptAcquireContextA
CryptReleaseContext
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
GetTokenInformation

ws2_32

connect
getsockname
send
closesocket
WSAGetLastError
recvfrom
WSAGetOverlappedResult
setsockopt
WSASend
WSAIoctl
bind
WSASocketW
getaddrinfo
ioctlsocket
getsockopt
getpeername
shutdown
recv
WSACloseEvent
WSACreateEvent
WSACleanup
WSARecv
WSAEnumNetworkEvents
WSAEventSelect
WSAResetEvent
WSAWaitForMultipleEvents
htons
socket
ntohs
WSASetLastError
__WSAFDIsSet
select
accept
htonl
listen
WSAStartup
freeaddrinfo

crypt32

CertFindExtension
CertEnumCertificatesInStore
CertGetCertificateChain
CryptQueryObject
CertFindCertificateInStore
CryptStringToBinaryA
PFXImportCertStore
CertGetNameStringA
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertAddCertificateContextToStore
CertCloseStore
CertDuplicateStore
CertDuplicateCertificateContext
CertFreeCertificateChain
CertDuplicateCertificateChain
CertFreeCertificateContext
CertOpenStore
CertVerifyCertificateChainPolicy
CertGetEnhancedKeyUsage
CryptDecodeObjectEx
CryptUnprotectData

oleaut32

VariantClear
SysAllocString
SysFreeString
SafeArrayUnaccessData
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SysAllocStringLen

pdh

PdhRemoveCounter
PdhCollectQueryData
PdhOpenQueryA
PdhGetFormattedCounterValue
PdhAddEnglishCounterW
PdhCloseQuery

iphlpapi

FreeMibTable
GetIfEntry2
GetIfTable2

netapi32

NetApiBufferFree
NetUserGetLocalGroups
NetUserEnum

user32

GetMonitorInfoW
EnumDisplayMonitors
EnumDisplaySettingsExW

gdi32

SelectObject
SetStretchBltMode
StretchBlt
GetDIBits
GetObjectW
CreateCompatibleDC
CreateCompatibleBitmap
DeleteObject
GetDeviceCaps
CreateDCW
DeleteDC

ole32

CoInitializeSecurity
CoCreateInstance
CoInitializeEx
CoTaskMemFree
CoSetProxyBlanket
CoUninitialize

bcrypt

BCryptOpenAlgorithmProvider
BCryptCloseAlgorithmProvider
BCryptGenRandom

shell32

CommandLineToArgvW
SHGetKnownFolderPath

ntdll

NtQueryInformationProcess
RtlGetVersion
NtQuerySystemInformation

powrprof

CallNtPowerInformation

psapi

GetModuleFileNameExW
EnumProcessModulesEx
GetPerformanceInfo

vcruntime140

memmove
memcpy
__CxxFrameHandler3
strchr
strrchr
strstr
memchr
__C_specific_handler
__current_exception
__current_exception_context
memset
memcmp

api-ms-win-crt-string-l1-1-0

strspn
strncmp
strcpy
_strdup
strcspn
strcmp
wcslen
strpbrk
strlen
strncpy

api-ms-win-crt-runtime-l1-1-0

terminate
_cexit
__p___argv
__p___argc
_register_thread_local_exe_atexit_callback
_exit
_initterm_e
_initterm
_get_initial_narrow_environment
_initialize_narrow_environment
_crt_atexit
_configure_narrow_argv
_set_app_type
_seh_filter_exe
_endthreadex
_initialize_onexit_table
_register_onexit_function
exit
_beginthreadex
_wassert
abort
__sys_nerr
_c_exit
__sys_errlist
_errno

api-ms-win-crt-convert-l1-1-0

strtoll
atoi
wcstombs
strtoul
strtol

api-ms-win-crt-stdio-l1-1-0

_open
fputc
_lseeki64
fgets
fopen
fseek
fputs
__acrt_iob_func
_set_fmode
__p__commode
fflush
_read
fwrite
feof
__stdio_common_vsscanf
fclose
ftell
fread
__stdio_common_vsprintf
_write
_close

api-ms-win-crt-heap-l1-1-0

malloc
calloc
realloc
_msize
_set_new_mode
free

api-ms-win-crt-time-l1-1-0

_time64
_gmtime64
_localtime64_s
strftime

api-ms-win-crt-utility-l1-1-0

qsort
_rotl64

api-ms-win-crt-filesystem-l1-1-0

_stat64
_fstat64
_unlink
_access

api-ms-win-crt-math-l1-1-0

__setusermatherr
_fdopen
log
_dclass

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 89KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: threatbook

Password: threatbook

90ab8251bc09220dabf76603ae053404

Headers

DLL Characteristics

File Characteristics

Imports

secur32

kernel32

advapi32

ws2_32

crypt32

oleaut32

pdh

iphlpapi

netapi32

user32

gdi32

ole32

bcrypt

shell32

ntdll

powrprof

psapi

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 2.9MB - Virtual size: 2.9MB

.rdata Size: 1.2MB - Virtual size: 1.2MB

.data Size: 27KB - Virtual size: 31KB

.pdata Size: 89KB - Virtual size: 89KB

.reloc Size: 29KB - Virtual size: 28KB

.text
Size: 2.9MB - Virtual size: 2.9MB

.rdata
Size: 1.2MB - Virtual size: 1.2MB

.data
Size: 27KB - Virtual size: 31KB

.pdata
Size: 89KB - Virtual size: 89KB

.reloc
Size: 29KB - Virtual size: 28KB