lucastealer | aef0158128517c30222e8c9518249b79ce07953606b18b8fcdbd7890d6b34cf8_JC[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

aef0158128517c30222e8c9518249b79ce07953606b18b8fcdbd7890d6b34cf8_JC.exe
Size

3.2MB
MD5

3b1301fda1635cdbc9536a1f42eef496
SHA1

de04434bf78fc5ddca83266badff4907c32fca3f
SHA256

aef0158128517c30222e8c9518249b79ce07953606b18b8fcdbd7890d6b34cf8
SHA512

d84fdf566c003ecfa5cb5f2f12d1d72406c49c914c335c8eeb85c0737f3d3aefc38f6f1abaa7db30fa473ede65a3b6d87c6c77c1ccf6399950ec1e7126f69828
SSDEEP

49152:dpCnUWZ1UrxlIFy1/1pXmfYDlfAkGasOszjFFoAp/GqLFMk3D7pAuJq7NbTE:OUBxFpa7Ppjtx8FE

Score

10^/10

lucastealer

Malware Config

Signatures

Luca Stealer payload 1 IoCs

Processes:

resource	yara_rule
sample	family_lucastealer

Lucastealer family
lucastealer

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
aef0158128517c30222e8c9518249b79ce07953606b18b8fcdbd7890d6b34cf8_JC.exe

Files

aef0158128517c30222e8c9518249b79ce07953606b18b8fcdbd7890d6b34cf8_JC.exe
.exe windows:6 windows x64

42da3164d6b565e9c54c78e9e2598ae5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetEnvironmentVariableW
RtlLookupFunctionEntry
GetModuleHandleW
FormatMessageW
GetTempPathW
GetModuleFileNameW
CreateFileW
GetFileInformationByHandleEx
GetFullPathNameW
SetFilePointerEx
FindNextFileW
CreateDirectoryW
FindFirstFileW
ReleaseMutex
GetCurrentProcess
CreateMutexA
LoadLibraryA
GetEnvironmentStringsW
GetFinalPathNameByHandleW
CompareStringOrdinal
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
DuplicateHandle
GetCurrentProcessId
CreateNamedPipeW
CreateThread
ReadFileEx
SleepEx
WriteFileEx
CreateEventW
CancelIo
WaitForSingleObjectEx
QueryPerformanceCounter
QueryPerformanceFrequency
GetSystemTimeAsFileTime
GetCurrentDirectoryW
RtlCaptureContext
AcquireSRWLockShared
ReleaseSRWLockShared
CopyFileExW
SleepConditionVariableSRW
PostQueuedCompletionStatus
WakeConditionVariable
WriteConsoleW
MultiByteToWideChar
SetLastError
TryAcquireSRWLockExclusive
GetConsoleMode
GetStdHandle
GetCurrentThread
GetProcAddress
GetFileInformationByHandle
GetQueuedCompletionStatusEx
WakeAllConditionVariable
GetSystemInfo
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime
GetTimeZoneInformation
RtlVirtualUnwind
FlushFileBuffers
GetTickCount
MapViewOfFile
CreateFileMappingW
FormatMessageA
GetSystemTime
WideCharToMultiByte
FreeLibrary
GetFileSize
LockFileEx
LocalFree
UnlockFile
HeapDestroy
HeapCompact
LoadLibraryW
DeleteFileW
DeleteFileA
CreateFileA
FlushViewOfFile
OutputDebugStringW
GetFileAttributesExW
GetFileAttributesA
GetDiskFreeSpaceA
GetTempPathA
Sleep
HeapSize
HeapValidate
UnmapViewOfFile
CreateMutexW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
SetFilePointer
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
WriteFile
HeapCreate
AreFileApisANSI
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
GetCurrentThreadId
SetThreadStackGuarantee
AddVectoredExceptionHandler
CreateIoCompletionPort
SwitchToThread
AcquireSRWLockExclusive
SetFileCompletionNotificationModes
GetExitCodeProcess
GetModuleHandleA
WaitForSingleObject
SetHandleInformation
GetOverlappedResult
WaitForMultipleObjects
ReleaseSRWLockExclusive
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
TerminateProcess
IsProcessorFeaturePresent
InitializeSListHead
HeapReAlloc
GetProcessHeap
HeapAlloc
FindClose
IsDebuggerPresent
CloseHandle
ReadFile
FreeEnvironmentStringsW
HeapFree

oleaut32

VariantClear
SafeArrayAccessData
SafeArrayDestroy
SysFreeString
SysAllocStringLen
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayUnaccessData

user32

EnumDisplayMonitors
EnumDisplaySettingsExW
GetMonitorInfoW

ws2_32

setsockopt
bind
connect
getaddrinfo
freeaddrinfo
WSAStartup
WSACleanup
recv
send
getsockopt
getsockname
WSAGetLastError
getpeername
closesocket
WSAIoctl
ioctlsocket
WSASocketW
WSASend
shutdown

ntdll

NtCancelIoFileEx
RtlNtStatusToDosError
NtDeviceIoControlFile
NtWriteFile
NtReadFile
NtCreateFile

bcrypt

BCryptGenRandom

advapi32

FreeSid
RegCloseKey
RegQueryValueExW
AllocateAndInitializeSid
RegOpenKeyExW
SystemFunction036
CheckTokenMembership

crypt32

CertEnumCertificatesInStore
CertDuplicateCertificateChain
CertDuplicateCertificateContext
CertDuplicateStore
CryptUnprotectData
CertVerifyCertificateChainPolicy
CertFreeCertificateChain
CertGetCertificateChain
CertOpenStore
CertFreeCertificateContext
CertAddCertificateContextToStore
CertCloseStore

secur32

FreeContextBuffer
EncryptMessage
AcceptSecurityContext
InitializeSecurityContextW
QueryContextAttributesW
DecryptMessage
ApplyControlToken
FreeCredentialsHandle
AcquireCredentialsHandleA
DeleteSecurityContext

gdi32

GetDeviceCaps
CreateDCW
GetObjectW
DeleteDC
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
SetStretchBltMode
StretchBlt
GetDIBits
DeleteObject

ole32

CoInitializeEx
CoInitializeSecurity
CoCreateInstance
CoSetProxyBlanket

vcruntime140

memcpy
memset
__current_exception_context
__current_exception
__C_specific_handler
strrchr
memcmp
memmove
__CxxFrameHandler3

api-ms-win-crt-string-l1-1-0

strncmp
strcspn
strcmp
strlen

api-ms-win-crt-math-l1-1-0

_dclass
log
__setusermatherr
pow

api-ms-win-crt-heap-l1-1-0

malloc
free
_msize
realloc
_set_new_mode

api-ms-win-crt-utility-l1-1-0

_rotl64
qsort

api-ms-win-crt-time-l1-1-0

_localtime64_s

api-ms-win-crt-runtime-l1-1-0

_exit
__p___argc
terminate
exit
_crt_atexit
_initterm_e
_initterm
_get_initial_narrow_environment
_register_onexit_function
_initialize_onexit_table
_c_exit
_register_thread_local_exe_atexit_callback
_configure_narrow_argv
_set_app_type
_initialize_narrow_environment
__p___argv
_seh_filter_exe
_endthreadex
_cexit
_beginthreadex

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 762KB - Virtual size: 761KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

42da3164d6b565e9c54c78e9e2598ae5

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

oleaut32

user32

ws2_32

ntdll

bcrypt

advapi32

crypt32

secur32

gdi32

ole32

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 2.4MB - Virtual size: 2.4MB

.rdata Size: 762KB - Virtual size: 761KB

.data Size: 24KB - Virtual size: 27KB

.pdata Size: 59KB - Virtual size: 59KB

.reloc Size: 13KB - Virtual size: 13KB

.text
Size: 2.4MB - Virtual size: 2.4MB

.rdata
Size: 762KB - Virtual size: 761KB

.data
Size: 24KB - Virtual size: 27KB

.pdata
Size: 59KB - Virtual size: 59KB

.reloc
Size: 13KB - Virtual size: 13KB