lucastealer | e69cae935386f069ffc4f544b981487d307b1f5300725eac41a37ee7cae243ca

Sharing

Copy URL

Twitter E-mail

General

Target

e69cae935386f069ffc4f544b981487d307b1f5300725eac41a37ee7cae243ca
Size

23.7MB
MD5

e746e9e4d1824e3ae9f3866f77470e47
SHA1

c15d7e3891b97a99b1ecd984d3df6d72866c5bc4
SHA256

e69cae935386f069ffc4f544b981487d307b1f5300725eac41a37ee7cae243ca
SHA512

e224dadd9a5b6d58e8cb34d7f7cc55f422178d789f72a190e4c5bba21fa16ded0411a8fed605ce2e375f3913e9912d845396fb4a8570e25557bc2e1541ae1545
SSDEEP

98304:Pj1rkDmCGn3KA5unFRppsmffFa6qVlqnWXWkGUTC0mYQB503hT+J1BeH/gpCExe:PFkIQzffhqAWNyapUSt

Score

10^/10

lucastealer

Malware Config

Signatures

Luca Stealer payload 1 IoCs

Processes:

resource	yara_rule
sample	family_lucastealer

Lucastealer family
lucastealer

Files

e69cae935386f069ffc4f544b981487d307b1f5300725eac41a37ee7cae243ca
.exe windows x64

e414ef0adea25a9f8489e71a83b97953

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

secur32

LsaGetLogonSessionData
LsaFreeReturnBuffer
LsaEnumerateLogonSessions

kernel32

PostQueuedCompletionStatus
GetHandleInformation
CreateIoCompletionPort
GetQueuedCompletionStatusEx
InitializeSRWLock
InitializeCriticalSection
InitOnceExecuteOnce
GetTickCount64
SetFileCompletionNotificationModes
SleepConditionVariableSRW
SetHandleInformation
GetCurrentProcessId
WriteFile
GetProcessHeap
HeapAlloc
HeapFree
WaitForSingleObject
GlobalSize
GlobalAlloc
GlobalUnlock
GlobalFree
GlobalLock
GetFileInformationByHandle
RtlVirtualUnwind
FlushFileBuffers
MapViewOfFile
CreateFileMappingW
FormatMessageA
GetSystemTime
GetSystemTimeAsFileTime
GetFileSize
LockFileEx
UnlockFile
HeapDestroy
HeapCompact
LoadLibraryW
GetSystemInfo
HeapReAlloc
DeleteFileW
DeleteFileA
FlushViewOfFile
OutputDebugStringW
GetFileAttributesExW
GetFileAttributesA
GetDiskFreeSpaceA
GetTempPathA
HeapSize
HeapValidate
UnmapViewOfFile
GetFileAttributesW
CreateFileW
CreateMutexW
GetTempPathW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
SetFilePointer
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
GetFullPathNameW
HeapCreate
AreFileApisANSI
GetCurrentThreadId
GlobalMemoryStatusEx
OpenProcess
GetProcessTimes
VirtualQueryEx
ReadProcessMemory
GetSystemTimes
GetProcessIoCounters
GetDiskFreeSpaceExW
GetLogicalDrives
GetDriveTypeW
GetVolumeInformationW
DeviceIoControl
ReleaseMutex
FindClose
AddVectoredExceptionHandler
SetThreadStackGuarantee
SwitchToThread
GetCurrentProcess
GetCurrentThread
RtlCaptureContext
RtlLookupFunctionEntry
GetCurrentDirectoryW
GetEnvironmentVariableW
DuplicateHandle
SetFilePointerEx
CreateDirectoryW
GetStdHandle
TerminateProcess
WakeAllConditionVariable
WakeConditionVariable
CreateMutexA
FindNextFileW
GetFileInformationByHandleEx
FindFirstFileW
CopyFileExW
GetConsoleMode
ExitProcess
WriteConsoleW
CreateThread
TlsGetValue
TlsSetValue
AcquireSRWLockShared
ReadFile
GetFileSizeEx
CreateFileA
VerifyVersionInfoW
VerSetConditionMask
WaitForSingleObjectEx
GetEnvironmentVariableA
MoveFileExA
WideCharToMultiByte
MultiByteToWideChar
LoadLibraryA
GetSystemDirectoryA
QueryPerformanceFrequency
SleepEx
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
GetTickCount
QueryPerformanceCounter
FormatMessageW
LocalFree
GetModuleHandleW
TryAcquireSRWLockExclusive
SystemTimeToFileTime
SetLastError
GetFinalPathNameByHandleW
SetFileInformationByHandle
CloseHandle
GetModuleHandleA
FreeLibrary
GetProcAddress
LoadLibraryExW
GetComputerNameExW
GetUserPreferredUILanguages
Sleep
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
GetLastError
ReleaseSRWLockShared
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
VirtualQuery
RaiseException
TryEnterCriticalSection

advapi32

GetUserNameW
RegOpenKeyExW
RegCloseKey
SystemFunction036
CryptReleaseContext
CryptAcquireContextA
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
OpenProcessToken
GetTokenInformation
LookupAccountSidW
RegQueryValueExW

ws2_32

WSASetEvent
WSAResetEvent
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
send
closesocket
setsockopt
WSAIoctl
htonl
shutdown
WSARecv
recvfrom
WSASend
WSAWaitForMultipleEvents
WSAGetLastError
htons
socket
bind
connect
getpeername
getsockname
getsockopt
ntohs
recv
getaddrinfo
WSASetLastError
__WSAFDIsSet
select
WSAStartup
WSACleanup
freeaddrinfo
WSASocketW
ioctlsocket
listen
accept

crypt32

CertGetEnhancedKeyUsage
CertFindCertificateInStore
CertFindExtension
CertGetNameStringA
CryptQueryObject
CertCreateCertificateChainEngine
CertDuplicateCertificateContext
CertFreeCertificateContext
CertEnumCertificatesInStore
CertGetCertificateChain
CertAddCertificateContextToStore
PFXImportCertStore
CertOpenStore
CertCloseStore
CryptStringToBinaryA
CryptDecodeObjectEx
CertFreeCertificateChain
CertFreeCertificateChainEngine
CryptUnprotectData

ntdll

NtCreateFile
NtCancelIoFileEx
NtDeviceIoControlFile
RtlNtStatusToDosError
NtQueryInformationProcess
NtQuerySystemInformation
RtlGetVersion

user32

EnumDisplaySettingsExW
EnumDisplayMonitors
CloseClipboard
GetClipboardData
EmptyClipboard
OpenClipboard
GetMonitorInfoW
SetClipboardData

bcrypt

BCryptGenRandom
BCryptCloseAlgorithmProvider
BCryptOpenAlgorithmProvider

gdi32

SelectObject
StretchBlt
SetStretchBltMode
GetDeviceCaps
CreateCompatibleDC
GetDIBits
DeleteObject
DeleteDC
CreateCompatibleBitmap
GetObjectW
CreateDCW

oleaut32

SafeArrayGetLBound
VariantClear
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayDestroy
SysFreeString
SysAllocStringLen
SafeArrayGetUBound
SysAllocString

ole32

CoUninitialize
CoInitializeSecurity
CoTaskMemFree
CoCreateInstance
CoSetProxyBlanket
CoInitializeEx

shell32

SHGetKnownFolderPath
CommandLineToArgvW

iphlpapi

FreeMibTable
GetIfEntry2
GetIfTable2

netapi32

NetApiBufferFree
NetUserGetLocalGroups
NetUserEnum

pdh

PdhCollectQueryData
PdhOpenQueryA
PdhAddEnglishCounterW
PdhRemoveCounter
PdhGetFormattedCounterValue
PdhCloseQuery

powrprof

CallNtPowerInformation

psapi

GetPerformanceInfo
EnumProcessModulesEx
GetModuleFileNameExW

vcruntime140

__CxxFrameHandler3
memset
memmove
memcmp
strchr
strstr
memchr
_CxxThrowException
__C_specific_handler
__current_exception
__current_exception_context
__C_specific_handler_noexcept
__vcrt_GetModuleFileNameW
__vcrt_LoadLibraryExW
strrchr
memcpy

api-ms-win-crt-math-l1-1-0

_fdopen
log
__setusermatherr
_dclass

api-ms-win-crt-string-l1-1-0

strlen
strpbrk
strcpy_s
wcslen
strcat_s
strspn
strcpy
strcmp
strcspn
strncmp
strncpy
_strdup

api-ms-win-crt-stdio-l1-1-0

_set_fmode
_read
_write
__stdio_common_vfprintf
_close
_lseeki64
fgets
_open
fopen
__stdio_common_vsprintf
fputc
__p__commode
fflush
ftell
feof
__stdio_common_vsscanf
fputs
fclose
fseek
fwrite
fread
__acrt_iob_func

api-ms-win-crt-heap-l1-1-0

realloc
_set_new_mode
_msize
calloc
free
malloc

api-ms-win-crt-runtime-l1-1-0

_set_app_type
_configure_narrow_argv
_initialize_narrow_environment
_get_initial_narrow_environment
_wassert
abort
_beginthreadex
_initterm
_initterm_e
exit
_exit
__p___argc
__p___argv
_cexit
_c_exit
__sys_nerr
__sys_errlist
_errno
_register_thread_local_exe_atexit_callback
_initialize_onexit_table
_register_onexit_function
_crt_atexit
terminate
_seh_filter_exe
_endthreadex

api-ms-win-crt-convert-l1-1-0

atoi
strtoul
strtol
wcstombs
strtoll

api-ms-win-crt-utility-l1-1-0

qsort
_rotl64
_byteswap_ulong
_byteswap_uint64

api-ms-win-crt-time-l1-1-0

_gmtime64
_localtime64_s
_time64
strftime
clock

api-ms-win-crt-filesystem-l1-1-0

_access
_fstat64
_stat64
_unlink

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 18.1MB - Virtual size: 18.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4.3MB - Virtual size: 4.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 171KB - Virtual size: 177KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 82KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e414ef0adea25a9f8489e71a83b97953

Headers

DLL Characteristics

File Characteristics

Imports

secur32

kernel32

advapi32

ws2_32

crypt32

ntdll

user32

bcrypt

gdi32

oleaut32

ole32

shell32

iphlpapi

netapi32

pdh

powrprof

psapi

vcruntime140

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 18.1MB - Virtual size: 18.1MB

.rdata Size: 4.3MB - Virtual size: 4.3MB

.data Size: 171KB - Virtual size: 177KB

.pdata Size: 1.1MB - Virtual size: 1.1MB

.reloc Size: 82KB - Virtual size: 81KB

.text
Size: 18.1MB - Virtual size: 18.1MB

.rdata
Size: 4.3MB - Virtual size: 4.3MB

.data
Size: 171KB - Virtual size: 177KB

.pdata
Size: 1.1MB - Virtual size: 1.1MB

.reloc
Size: 82KB - Virtual size: 81KB