S:\tcaddin\Output\install\tcupdate.pdb
Static task: static1
Behavioral task: behavioral1
Sample: 2024-12-23_5bf65a26a72e8bfd23035d04b8b2fc43_luca-stealer_magniber_poet-rat_rhadamanthys.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: 2024-12-23_5bf65a26a72e8bfd23035d04b8b2fc43_luca-stealer_magniber_poet-rat_rhadamanthys.exe
Resource: win10v2004-20241007-en
General
Target: 2024-12-23_5bf65a26a72e8bfd23035d04b8b2fc43_luca-stealer_magniber_poet-rat_rhadamanthys
Size: 10.0MB
MD5: 5bf65a26a72e8bfd23035d04b8b2fc43
SHA1: 67b42d565c5d0c5e0292c0911da7f9b10082f09f
SHA256: d07178c88eeeef7cfd9db6b2405574e16a85ee9b8973d2603b22b3a7feb9464e
SHA512: fb8570dac911d065dd5b7aa2961c80c2f5be72d49f7afeb3a9a768001254a61f762302dd37e897f1449cd5a44f0afd1b7ba5de5d5bd6c777368a8819129476de
SSDEEP: 49152:ND7vEocorPGCOhZvLmsuVjuhDOiXviHLDSTkOigxHy7eMFqiAjR4H1qIuS0Ar8j3:ND79rkhRLmYjcl7eMFqiAjPS1rtDhov
Malware Config
Signatures
Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
Resource: 2024-12-23_5bf65a26a72e8bfd23035d04b8b2fc43_luca-stealer_magniber_poet-rat_rhadamanthys
Files
-
2024-12-23_5bf65a26a72e8bfd23035d04b8b2fc43_luca-stealer_magniber_poet-rat_rhadamanthys.exe windows:6 windows x86 arch:x86
cf393a5517f285ced3656ec0e11a6d6d
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_NO_BIND, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics: IMAGE_FILE_RELOCS_STRIPPED, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LARGE_ADDRESS_AWARE, IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ntdll
VerSetConditionMask
RtlVerifyVersionInfo
LdrLockLoaderLock
LdrUnlockLoaderLock
RtlUnwind
RtlCaptureContext
kernel32
InitializeCriticalSectionAndSpinCount
FindClose
FindNextFileW
OpenMutexW
CreateMutexExW
CreateEventExW
CreatePrivateNamespaceW
OpenPrivateNamespaceW
CreateBoundaryDescriptorW
AddSIDToBoundaryDescriptor
DeleteBoundaryDescriptor
LocalAlloc
AddIntegrityLabelToBoundaryDescriptor
GetDriveTypeW
GetFullPathNameW
GetVolumeInformationW
GetVolumePathNameW
SetEvent
WaitForMultipleObjects
TerminateProcess
ResumeThread
FreeLibrary
GetModuleHandleExW
ExpandEnvironmentStringsW
GetStartupInfoW
VirtualProtect
FlushInstructionCache
GetTimeZoneInformation
LCMapStringEx
CreateThread
MultiByteToWideChar
K32EnumProcessModules
GetFileSizeEx
DuplicateHandle
QueryPerformanceCounter
QueryPerformanceFrequency
ReleaseMutex
Sleep
SwitchToThread
GetSystemTimeAsFileTime
GetTickCount
MapViewOfFileEx
CreateFileMappingA
OpenFileMappingA
ReadFile
WriteFile
GetOverlappedResult
ConnectNamedPipe
CreateNamedPipeW
CancelIo
InitializeProcThreadAttributeList
DeleteProcThreadAttributeList
UpdateProcThreadAttribute
GetFileInformationByHandle
GetCurrentDirectoryW
FlushFileBuffers
GetFileTime
SetEndOfFile
SetFilePointerEx
EnterCriticalSection
AreFileApisANSI
SetFilePointer
FileTimeToDosDateTime
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
SystemTimeToFileTime
RaiseException
MulDiv
GetCurrentProcessId
LockFileEx
UnlockFileEx
AcquireSRWLockShared
ReleaseSRWLockShared
GetExitCodeThread
WaitForSingleObjectEx
IsProcessorFeaturePresent
SleepConditionVariableSRW
WakeAllConditionVariable
TryAcquireSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
LoadLibraryExA
EncodePointer
GetStringTypeW
GetCPInfo
OutputDebugStringW
HeapAlloc
HeapFree
GetProcessHeap
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InterlockedExchange
GetVersionExW
LoadLibraryExW
ExitThread
FreeLibraryAndExitThread
GetFileType
SetStdHandle
GetConsoleMode
ReadConsoleW
GetConsoleOutputCP
GetExitCodeProcess
WaitForSingleObject
ExitProcess
GetStdHandle
WriteConsoleW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
HeapReAlloc
HeapSize
FindFirstFileExW
SetFileAttributesW
RemoveDirectoryW
GetFileAttributesW
CompareStringOrdinal
CompareStringEx
MapViewOfFile
CreateFileMappingW
SetFileInformationByHandle
DeleteFileW
CreateFileW
GetCommandLineW
GetLocaleInfoEx
GetCurrentProcess
IsDebuggerPresent
FindResourceW
SizeofResource
LockResource
LoadResource
GetSystemDirectoryW
GetTempPathW
CreateDirectoryW
GetEnvironmentVariableW
VirtualFree
VirtualAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
VirtualQuery
GetUserPreferredUILanguages
MoveFileExW
GlobalFree
LoadLibraryA
UnmapViewOfFile
GetThreadPriority
SetThreadPriority
LeaveCriticalSection
GetCurrentThreadId
GetCurrentThread
PeekNamedPipe
WideCharToMultiByte
FormatMessageW
IsValidCodePage
FormatMessageA
LocalFree
ClosePrivateNamespace
LoadLibraryW
GetProcAddress
GetModuleHandleW
GetModuleHandleA
GetModuleFileNameW
GetSystemInfo
GetProcessId
CreateProcessW
DeleteCriticalSection
InitializeCriticalSectionEx
SetLastError
GetLastError
CloseHandle
DecodePointer
OutputDebugStringA
GetACP
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
DeviceIoControl
SetEnvironmentVariableW
user32
GetParent
GetMenu
KillTimer
SetTimer
GetKeyState
GetSysColor
MessageBeep
SystemParametersInfoW
GetAncestor
GetMonitorInfoW
MonitorFromWindow
MonitorFromRect
MonitorFromPoint
IsDialogMessageW
LoadImageW
DestroyIcon
GetWindowTextW
IsWindowUnicode
GetWindowLongA
EnumThreadWindows
MapWindowPoints
GetWindowRect
GetClientRect
GetWindowTextLengthW
ReleaseDC
GetWindowDC
IsWindowEnabled
EnableWindow
MsgWaitForMultipleObjectsEx
GetFocus
SetFocus
GetDlgItem
EndDialog
DialogBoxIndirectParamW
IsWindowVisible
SetWindowPos
ShowWindow
DestroyWindow
DispatchMessageW
TranslateMessage
LoadCursorW
GetWindow
GetSystemMetrics
SetWindowPlacement
GetWindowPlacement
CreateWindowExW
GetClassInfoExW
RegisterClassExW
SetWindowTextW
GetWindowThreadProcessId
PostMessageW
RegisterWindowMessageW
PeekMessageW
GetUserObjectInformationW
GetProcessWindowStation
GetGuiResources
CharUpperBuffW
AdjustWindowRectEx
PostQuitMessage
InvalidateRect
SetWindowLongW
GetWindowLongW
IsWindow
CallWindowProcW
DefWindowProcW
SendMessageW
UnregisterClassW
GetClassNameW
GetDialogBaseUnits
gdi32
GetTextFaceW
GetObjectType
GetObjectW
CreateCompatibleDC
CreateFontIndirectW
DeleteDC
DeleteObject
SelectObject
GetTextExtentPoint32W
GetTextMetricsW
GetDeviceCaps
SetBkColor
SelectClipRgn
SetTextColor
SetBkMode
advapi32
RegDeleteValueW
OpenServiceW
OpenSCManagerW
CloseServiceHandle
SetSecurityInfo
CreateRestrictedToken
CreateProcessAsUserW
RegDeleteTreeW
RegQueryValueExW
RegEnumValueW
GetSidSubAuthorityCount
GetSidSubAuthority
OpenProcessToken
RegOpenKeyExW
SetEntriesInAclW
SetSecurityDescriptorSacl
SetSecurityDescriptorControl
InitializeAcl
GetTokenInformation
AddMandatoryAce
StartServiceW
StartServiceCtrlDispatcherW
SetServiceStatus
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
CheckTokenMembership
CreateWellKnownSid
RegCloseKey
RegCreateKeyExW
RegSetValueExW
RegisterServiceCtrlHandlerExW
shell32
ShellExecuteExW
SHGetKnownFolderPath
CommandLineToArgvW
ole32
CoDisconnectObject
CoInitializeEx
CoUninitialize
CoCreateInstance
CoTaskMemFree
CoSetProxyBlanket
oleaut32
GetErrorInfo
SetErrorInfo
SysStringLen
SysAllocStringLen
SysFreeString
shlwapi
SHAutoComplete
AssocQueryStringW
ws2_32
WSACleanup
WSAStartup
comctl32
ord413
uxtheme
BufferedPaintUnInit
BufferedPaintInit
msi
ord113
ord205
ord70
winhttp
WinHttpSetCredentials
WinHttpQueryHeaders
WinHttpReceiveResponse
WinHttpQueryAuthSchemes
WinHttpGetDefaultProxyConfiguration
WinHttpSetStatusCallback
WinHttpCrackUrl
WinHttpOpen
WinHttpConnect
WinHttpReadData
WinHttpSetOption
WinHttpOpenRequest
WinHttpSendRequest
WinHttpCloseHandle
Sections
.text Size: 2.6MB - Virtual size: 2.6MB; flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata Size: 368KB - Virtual size: 368KB; flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data Size: 175KB - Virtual size: 184KB; flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
tcreport Size: 76KB - Virtual size: 76KB; flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc Size: 875KB - Virtual size: 874KB; flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ