241217-w2srlatphz_pw_infected[.]zip | Triage

Sharing

General

Target

241217-w2srlatphz_pw_infected.zip
Size

199KB
MD5

38e66101501c8772dad02d93ce9dfe3b
SHA1

a24a60704b14758f5adefe50ed8da1a7f358af94
SHA256

1d619909920477f1c13c79e88a8fd911d608dfb59f81c68c4f796a9f87affdef
SHA512

35a9dedb7d74554284e32722623285b971b8a3143676ad7752101aef968e366db5b8ac4e6156f1b4157631f5f58104c6276df111b819ec47db32b12206c51fe7
SSDEEP

6144:W46423CkeO8hcCBYKF8V6dG5zkt1XQfGqDRQ:j6x3CjO8OCBp86UktBuGqq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/2024-12-17_67164c4680d767fcc5dbe48c3586444c_luca-stealer_ryuk

Files

241217-w2srlatphz_pw_infected.zip
.zip

Password: infected
2024-12-17_67164c4680d767fcc5dbe48c3586444c_luca-stealer_ryuk
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 312KB - Virtual size: 314KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 180B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ