lucastealer | e7e1825173152caddc73e659c39b956f666f4348e7163be34fc9b3eb14ffdbda[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

e7e1825173152caddc73e659c39b956f666f4348e7163be34fc9b3eb14ffdbda.zip
Size

1.8MB
MD5

56ef247248ffc596ee7ca4904971c274
SHA1

b90ac6f4fc3099a3891a3fc8d7480351767c424a
SHA256

8acf346f8e6cc412c42bcf827a01fc8b22ce643aa8088f025e2320c43c145f28
SHA512

67fbda9739a8f51e3c06dd7401a31a0c53f991cc7ffd1ae4a0675855d4ebe0fc180b991dfec777aa0bd76e8f2da0565ab77584522d1a81520e37fe678903c6fb
SSDEEP

49152:Tqx+oqhahGZtB6slRk7hl173N3JnmIBoJvalNXIpQ:S+oqhaqtB6KqlBp9mioJAC2

Score

10^/10

lucastealer

Malware Config

Signatures

Luca Stealer payload 1 IoCs

Processes:

resource	yara_rule
static1/unpack001/e7e1825173152caddc73e659c39b956f666f4348e7163be34fc9b3eb14ffdbda	family_lucastealer

Lucastealer family
lucastealer

Files

e7e1825173152caddc73e659c39b956f666f4348e7163be34fc9b3eb14ffdbda.zip
.zip

Password: threatbook
e7e1825173152caddc73e659c39b956f666f4348e7163be34fc9b3eb14ffdbda
.exe windows x64

Password: threatbook

28104b74b2a2934d96271d3358139d9d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

secur32

LsaFreeReturnBuffer
LsaGetLogonSessionData
LsaEnumerateLogonSessions

kernel32

GetSystemInfo
GetFileInformationByHandle
GetModuleHandleA
GetCurrentThread
TryAcquireSRWLockExclusive
GetStdHandle
GetConsoleMode
WriteConsoleW
SetLastError
WaitForSingleObjectEx
LoadLibraryA
CreateMutexA
GetCurrentProcess
ReleaseMutex
GetEnvironmentVariableW
RtlLookupFunctionEntry
FormatMessageW
GetTempPathW
CreateFileW
GetFullPathNameW
SetFilePointerEx
FindNextFileW
FindFirstFileW
FindClose
SetHandleInformation
CreateThread
QueryPerformanceCounter
QueryPerformanceFrequency
GetSystemTimeAsFileTime
GetCurrentDirectoryW
RtlCaptureContext
AcquireSRWLockShared
ReleaseSRWLockShared
SetFileInformationByHandle
DuplicateHandle
CopyFileExW
GetProcessTimes
GetSystemTimes
GetProcessIoCounters
LocalFree
ReadProcessMemory
VirtualQueryEx
GetDriveTypeW
GetVolumeInformationW
GetDiskFreeSpaceExW
DeviceIoControl
OpenProcess
GetTickCount
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
Sleep
SwitchToThread
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentVariableA
SleepEx
MoveFileExA
VerSetConditionMask
VerifyVersionInfoW
CreateFileA
GetFileSizeEx
ReadFile
FlushFileBuffers
MapViewOfFile
CreateFileMappingW
FormatMessageA
GetSystemTime
SystemTimeToFileTime
GetCurrentProcessId
GetFileSize
LockFileEx
UnlockFile
HeapDestroy
HeapCompact
LoadLibraryW
DeleteFileA
FlushViewOfFile
OutputDebugStringW
GetFileAttributesExW
GetFileAttributesA
GetDiskFreeSpaceA
GetTempPathA
HeapSize
HeapValidate
UnmapViewOfFile
GetFileAttributesW
CreateMutexW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
SetFilePointer
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
WriteFile
HeapCreate
AreFileApisANSI
InitializeCriticalSection
TryEnterCriticalSection
GetCurrentThreadId
TerminateProcess
WaitForSingleObject
HeapFree
GetProcessHeap
HeapAlloc
GetModuleHandleW
WakeAllConditionVariable
CreateDirectoryW
HeapReAlloc
SetThreadStackGuarantee
AddVectoredExceptionHandler
DeleteFileW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
WakeConditionVariable
GetFileInformationByHandleEx
FreeLibrary
GetProcAddress
LoadLibraryExW
GetComputerNameExW
GetLogicalDrives
GlobalMemoryStatusEx
GetTickCount64
GetUserPreferredUILanguages
SleepConditionVariableSRW
ReleaseSRWLockExclusive
GetLastError
AcquireSRWLockExclusive
CloseHandle
IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
GetSystemDirectoryA

advapi32

GetUserNameW
GetTokenInformation
LookupAccountSidW
CryptAcquireContextA
CryptReleaseContext
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
OpenProcessToken

ws2_32

WSACleanup
WSAStartup
WSASocketW
freeaddrinfo
getaddrinfo
bind
connect
getsockname
ioctlsocket
recvfrom
htons
socket
ntohs
WSASetLastError
shutdown
closesocket
WSAGetLastError
WSAIoctl
send
__WSAFDIsSet
select
accept
htonl
listen
recv
getpeername
setsockopt
WSAWaitForMultipleEvents
WSAResetEvent
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
getsockopt

crypt32

CertFindExtension
CertGetNameStringA
CryptQueryObject
PFXImportCertStore
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain
CryptDecodeObjectEx
CryptStringToBinaryA
CertFindCertificateInStore
CertCloseStore
CertFreeCertificateContext
CertDuplicateCertificateContext
CertEnumCertificatesInStore
CertGetEnhancedKeyUsage
CertOpenStore
CertCreateCertificateChainEngine
CertAddCertificateContextToStore
CryptUnprotectData

oleaut32

VariantClear
SysAllocString
SysFreeString
SafeArrayAccessData
SafeArrayGetUBound
SysAllocStringLen
SafeArrayUnaccessData
SafeArrayGetLBound

pdh

PdhCollectQueryData
PdhGetFormattedCounterValue
PdhAddEnglishCounterW
PdhCloseQuery
PdhRemoveCounter
PdhOpenQueryA

iphlpapi

GetIfTable2
FreeMibTable

ntdll

RtlGetVersion
NtQuerySystemInformation
NtQueryInformationProcess

netapi32

NetUserEnum
NetUserGetLocalGroups
NetApiBufferFree

user32

GetMonitorInfoW
EnumDisplaySettingsExW
EnumDisplayMonitors

gdi32

GetDeviceCaps
DeleteDC
CreateCompatibleBitmap
SelectObject
SetStretchBltMode
StretchBlt
GetDIBits
GetObjectW
DeleteObject
CreateDCW
CreateCompatibleDC

ole32

CoInitializeEx
CoInitializeSecurity
CoCreateInstance
CoSetProxyBlanket
CoTaskMemFree
CoUninitialize

bcrypt

BCryptGenRandom
BCryptCloseAlgorithmProvider
BCryptOpenAlgorithmProvider

shell32

SHGetKnownFolderPath
CommandLineToArgvW

powrprof

CallNtPowerInformation

psapi

GetModuleFileNameExW
EnumProcessModulesEx
GetPerformanceInfo

vcruntime140

memchr
strstr
strchr
memcmp
__CxxFrameHandler3
memset
memmove
memcpy
__current_exception
__current_exception_context
__C_specific_handler
strrchr

api-ms-win-crt-string-l1-1-0

strspn
strcmp
strncpy
strcpy
wcslen
strlen
strpbrk
_strdup
strcspn
strncmp

api-ms-win-crt-runtime-l1-1-0

__p___argv
__p___argc
_cexit
_c_exit
_exit
_register_thread_local_exe_atexit_callback
_initterm_e
_initterm
_get_initial_narrow_environment
_initialize_narrow_environment
_configure_narrow_argv
_crt_atexit
_seh_filter_exe
_endthreadex
_initialize_onexit_table
exit
_register_onexit_function
_wassert
abort
_beginthreadex
terminate
__sys_nerr
__sys_errlist
_errno
_set_app_type

api-ms-win-crt-convert-l1-1-0

strtol
strtoul
strtoll
wcstombs
atoi

api-ms-win-crt-stdio-l1-1-0

fflush
fopen
_lseeki64
_write
_read
fseek
fgets
__acrt_iob_func
_close
fread
feof
fwrite
_set_fmode
__stdio_common_vsscanf
fclose
ftell
fputc
__stdio_common_vsprintf
__p__commode
fputs
_open

api-ms-win-crt-heap-l1-1-0

realloc
calloc
malloc
free
_msize
_set_new_mode

api-ms-win-crt-time-l1-1-0

_time64
_localtime64_s
strftime
_gmtime64

api-ms-win-crt-utility-l1-1-0

_rotl64
qsort

api-ms-win-crt-filesystem-l1-1-0

_stat64
_access
_unlink
_fstat64

api-ms-win-crt-math-l1-1-0

__setusermatherr
log
_dclass
_fdopen

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 73KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: threatbook

Password: threatbook

28104b74b2a2934d96271d3358139d9d

Headers

DLL Characteristics

File Characteristics

Imports

secur32

kernel32

advapi32

ws2_32

crypt32

oleaut32

pdh

iphlpapi

ntdll

netapi32

user32

gdi32

ole32

bcrypt

shell32

powrprof

psapi

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 2.4MB - Virtual size: 2.4MB

.rdata Size: 1.1MB - Virtual size: 1.1MB

.data Size: 27KB - Virtual size: 30KB

.pdata Size: 73KB - Virtual size: 72KB

.reloc Size: 25KB - Virtual size: 25KB

.text
Size: 2.4MB - Virtual size: 2.4MB

.rdata
Size: 1.1MB - Virtual size: 1.1MB

.data
Size: 27KB - Virtual size: 30KB

.pdata
Size: 73KB - Virtual size: 72KB

.reloc
Size: 25KB - Virtual size: 25KB