C:\Users\EliteZ\Desktop\Projects\Rust\cargo-stealer\target\debug\deps\cargo_stealer.pdb
Behavioral task
behavioral1
Sample
de6ad3a7e011954f1a31e68d083aa35cfe0229ca980724334d3cd1cac2e804e1.exe
Resource
win7-20240708-en
General
-
Target
efbf0e6a097d2ace76c4e1041313d76238d4097648b9ef4dd61a58831b954588
-
Size
5.8MB
-
MD5
16316ca7ccfc1258eb982208fb6317f8
-
SHA1
a399f8c581ba30db18f69fc77de1afbf362e864a
-
SHA256
efbf0e6a097d2ace76c4e1041313d76238d4097648b9ef4dd61a58831b954588
-
SHA512
fd626f9638ca571d1327413622e5cdf57210283ef69ef2f8679967c75917df4160d41fb52291f76f544a4ca2be499f55bd0c038f2c80d7f08530d227f4d115d3
-
SSDEEP
98304:a+lAq6x8fzM2/u9FZ0ex1nqEtu9NCrjqjD5I4tMF4+40qunEE:a+RegMQul021S9NCK5I4g4++0EE
Malware Config
Signatures
-
Luca Stealer payload 1 IoCs
Processes:
resource yara_rule static1/unpack001/de6ad3a7e011954f1a31e68d083aa35cfe0229ca980724334d3cd1cac2e804e1 family_lucastealer -
Lucastealer family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource unpack001/de6ad3a7e011954f1a31e68d083aa35cfe0229ca980724334d3cd1cac2e804e1
Files
-
efbf0e6a097d2ace76c4e1041313d76238d4097648b9ef4dd61a58831b954588.zip
Password: infected
-
de6ad3a7e011954f1a31e68d083aa35cfe0229ca980724334d3cd1cac2e804e1.exe windows:6 windows x64 arch:x64
e952b96ec664d5d45072dc88c1d0f60d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
kernel32
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTimeZoneInformation
SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime
QueryPerformanceFrequency
WriteFile
GetOverlappedResult
ReadFile
PostQueuedCompletionStatus
GetQueuedCompletionStatusEx
CreateIoCompletionPort
FreeLibrary
GetProcAddress
LoadLibraryA
GetProcessHeap
HeapAlloc
HeapFree
WaitForSingleObject
GetFileInformationByHandle
SetFileCompletionNotificationModes
RtlVirtualUnwind
LocalFree
FlushFileBuffers
GetTickCount
MapViewOfFile
CreateFileMappingW
FormatMessageA
GetSystemTime
WideCharToMultiByte
GetFileSize
LockFileEx
UnlockFile
HeapDestroy
HeapCompact
LoadLibraryW
HeapReAlloc
DeleteFileW
DeleteFileA
WaitForSingleObjectEx
CreateFileA
FlushViewOfFile
OutputDebugStringW
GetFileAttributesExW
GetFileAttributesA
GetDiskFreeSpaceA
GetTempPathA
Sleep
MultiByteToWideChar
HeapSize
HeapValidate
UnmapViewOfFile
TryAcquireSRWLockExclusive
CreateMutexW
GetTempPathW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
SetFilePointer
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
GetFullPathNameW
HeapCreate
AreFileApisANSI
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
GetCurrentThreadId
AcquireSRWLockShared
ReleaseSRWLockShared
SleepConditionVariableSRW
FileTimeToSystemTime
GetSystemInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetModuleFileNameW
CloseHandle
CreateFileW
FreeEnvironmentStringsW
ReleaseMutex
FindClose
CompareStringOrdinal
AddVectoredExceptionHandler
SetThreadStackGuarantee
SwitchToThread
GetCurrentProcess
GetCurrentThread
RtlCaptureContext
RtlLookupFunctionEntry
SetLastError
GetCurrentDirectoryW
GetEnvironmentStringsW
GetEnvironmentVariableW
ReleaseSRWLockExclusive
GetLastError
DuplicateHandle
SetFilePointerEx
CreateDirectoryW
GetStdHandle
WriteFileEx
SleepEx
ReadFileEx
GetExitCodeProcess
TerminateProcess
WakeAllConditionVariable
WakeConditionVariable
GetCurrentProcessId
CreateMutexA
GetModuleHandleA
FindNextFileW
GetFileInformationByHandleEx
FindFirstFileW
GetFinalPathNameByHandleW
CopyFileExW
CreateEventW
CancelIo
GetConsoleMode
AcquireSRWLockExclusive
GetModuleHandleW
ExitProcess
CreateNamedPipeW
WaitForMultipleObjects
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
WriteConsoleW
CreateThread
TlsGetValue
TlsSetValue
GlobalSize
InitializeSListHead
IsDebuggerPresent
GetFileAttributesW
GlobalFree
RaiseException
GlobalUnlock
SetHandleInformation
GlobalLock
FormatMessageW
GlobalAlloc
VirtualQuery
user32
EnumDisplayMonitors
EnumDisplaySettingsExW
GetClipboardData
CloseClipboard
SetClipboardData
GetMonitorInfoW
OpenClipboard
advapi32
RegCreateKeyExA
CheckTokenMembership
AllocateAndInitializeSid
FreeSid
RegSetValueExA
RegQueryValueExW
RegOpenKeyExW
SystemFunction036
RegCloseKey
crypt32
CryptUnprotectData
CertGetCertificateChain
CertVerifyCertificateChainPolicy
CertFreeCertificateContext
CertDuplicateCertificateContext
CertAddCertificateContextToStore
CertFreeCertificateChain
CertDuplicateCertificateChain
CertEnumCertificatesInStore
CertOpenStore
CertDuplicateStore
CertCloseStore
secur32
ApplyControlToken
EncryptMessage
FreeCredentialsHandle
DeleteSecurityContext
DecryptMessage
AcquireCredentialsHandleA
QueryContextAttributesW
AcceptSecurityContext
FreeContextBuffer
InitializeSecurityContextW
ws2_32
recv
shutdown
getpeername
getsockname
connect
bind
WSASocketW
closesocket
send
WSASend
WSAIoctl
setsockopt
ioctlsocket
WSAGetLastError
WSAStartup
WSACleanup
freeaddrinfo
getaddrinfo
getsockopt
ntdll
NtCreateFile
RtlNtStatusToDosError
NtDeviceIoControlFile
NtCancelIoFileEx
gdi32
DeleteDC
CreateDCW
SetStretchBltMode
GetDeviceCaps
GetDIBits
CreateCompatibleBitmap
GetObjectW
StretchBlt
DeleteObject
SelectObject
CreateCompatibleDC
oleaut32
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
VariantClear
SafeArrayDestroy
SysFreeString
SysAllocStringLen
ole32
CoCreateInstance
CoSetProxyBlanket
CoInitializeEx
CoInitializeSecurity
bcrypt
BCryptGenRandom
vcruntime140
memcpy
__CxxFrameHandler3
memset
memmove
memcmp
strrchr
__vcrt_LoadLibraryExW
_CxxThrowException
__C_specific_handler
__vcrt_GetModuleFileNameW
__C_specific_handler_noexcept
__current_exception
__current_exception_context
api-ms-win-crt-math-l1-1-0
__setusermatherr
_dclass
log
api-ms-win-crt-heap-l1-1-0
malloc
_set_new_mode
free
realloc
_msize
api-ms-win-crt-utility-l1-1-0
qsort
api-ms-win-crt-string-l1-1-0
strcspn
strcmp
strcat_s
strlen
strncmp
strcpy_s
api-ms-win-crt-time-l1-1-0
_localtime64_s
api-ms-win-crt-runtime-l1-1-0
_beginthreadex
_register_thread_local_exe_atexit_callback
_register_onexit_function
_seh_filter_exe
_set_app_type
_configure_narrow_argv
_initialize_narrow_environment
_get_initial_narrow_environment
_initterm
_initialize_onexit_table
terminate
_initterm_e
exit
_c_exit
_cexit
__p___argv
_crt_atexit
_endthreadex
_exit
__p___argc
api-ms-win-crt-stdio-l1-1-0
__p__commode
_set_fmode
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
Sections
.text Size: 13.6MB - Virtual size: 13.6MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 2.8MB - Virtual size: 2.8MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 83KB - Virtual size: 87KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 623KB - Virtual size: 622KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 55KB - Virtual size: 54KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ