lucastealer | 595fb763e63c59712bc4872255fe54c5d1f54485b9f37f7bddcd34953c2a48d4[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

595fb763e63c59712bc4872255fe54c5d1f54485b9f37f7bddcd34953c2a48d4.zip
Size

9.6MB
MD5

9350da41c591680aa5dc9826e909f4aa
SHA1

31d5edcd12be74b79132d7aab0a642391a645a0b
SHA256

32a9792fb89c32b6dee475cbb62ad9d1013f863e17a3f5861ae784dc0a293ebd
SHA512

0ddf7cf06f581a13bceae8fb5ac8b8f81a3ff39f796738fbcc1906d40f3c6e45fd2b7097ab469bc8e3a63af395384b53c5ffc82316fe06c8fe1e6eff8dd1d666
SSDEEP

196608:/AxUE659QflW2uzOqqFI1mU+zsBSIMCEEaXSzEpj:/Ayp5NcFI1FBhp6nl

Score

10^/10

themida lucastealer

Malware Config

Extracted

Family

lucastealer

https://discord.com/api/webhooks/1023626463913721926/eLxUNdBgepSiZuOxwWEbYg9gK8OAyGYyC8W0TqKJ_Ey8z2QMkFsr94VtnvlNT-8pbOMc

Signatures

Lucastealer family
lucastealer

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
static1/unpack001/595fb763e63c59712bc4872255fe54c5d1f54485b9f37f7bddcd34953c2a48d4	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/595fb763e63c59712bc4872255fe54c5d1f54485b9f37f7bddcd34953c2a48d4

Files

595fb763e63c59712bc4872255fe54c5d1f54485b9f37f7bddcd34953c2a48d4.zip
.zip

Password: infected
595fb763e63c59712bc4872255fe54c5d1f54485b9f37f7bddcd34953c2a48d4
.exe windows:6 windows x64 arch:x64

Password: infected

54ee6aa5705af0f6f8e53b67c4bdb515

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

LeaveCriticalSection
GetSystemTimePreciseAsFileTime
GetModuleHandleA
MapViewOfFile
CreateProcessW
SetFilePointer
MultiByteToWideChar
GetLastError
GetSystemFirmwareTable

vcruntime140

memchr
strstr
strchr
memcmp
memcpy
__CxxFrameHandler3
memset
memcpy
__current_exception
__current_exception_context
__C_specific_handler
memchr

ws2_32

recv
getsockname
WSACleanup
freeaddrinfo

ucrtbase

atoi
strtoul
wcstombs
strtol
strtoll
realloc
calloc
free
malloc
_msize
_set_new_mode
_dclass
__setusermatherr
log
malloc
free
realloc
_mbsdup
calloc
strcspn
realloc
_c_exit
atoi
_read
_time64
qsort
_fstat64
_dclass
_configthreadlocale

bcrypt

BCryptGenRandom
BCryptGenRandom

ntdll

RtlGetVersion
NtQuerySystemInformation
NtCreateFile
NtReadFile
NtWriteFile
RtlNtStatusToDosError
NtCreateKeyedEvent
NtReleaseKeyedEvent
NtWaitForKeyedEvent
NtDeviceIoControlFile

kernelbase

SetThreadDescription
WaitOnAddress
WakeByAddressSingle

secur32

LsaFreeReturnBuffer

advapi32

RegOpenKeyExW
RegCreateKeyA

crypt32

CertFreeCertificateChain

oleaut32

SysAllocString

pdh

PdhRemoveCounter

iphlpapi

GetIfEntry2

netapi32

NetApiBufferFree

user32

OpenClipboard

gdi32

GetDeviceCaps

shell32

SHGetKnownFolderPath

combase

CoUninitialize

powrprof

CallNtPowerInformation

psapi

GetPerformanceInfo

Sections

Size: 3.6MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 112KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.imports
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: 6.1MB - Virtual size: 6.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.6MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_READ

.taggant
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Password: infected

Password: infected

54ee6aa5705af0f6f8e53b67c4bdb515

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

vcruntime140

ws2_32

ucrtbase

bcrypt

ntdll

kernelbase

secur32

advapi32

crypt32

oleaut32

pdh

iphlpapi

netapi32

user32

gdi32

shell32

combase

powrprof

psapi

Sections

Size: 3.6MB - Virtual size: 3.6MB

Size: 1.6MB - Virtual size: 1.6MB

Size: 32KB - Virtual size: 32KB

Size: 112KB - Virtual size: 112KB

Size: 44KB - Virtual size: 44KB

.imports Size: 4KB - Virtual size: 4KB

.tls Size: 4KB - Virtual size: 4KB

.themida Size: 6.1MB - Virtual size: 6.1MB

.boot Size: 3.6MB - Virtual size: 3.6MB

.reloc Size: 4KB - Virtual size: 4KB

.taggant Size: 16KB - Virtual size: 16KB

.imports
Size: 4KB - Virtual size: 4KB

.tls
Size: 4KB - Virtual size: 4KB

.themida
Size: 6.1MB - Virtual size: 6.1MB

.boot
Size: 3.6MB - Virtual size: 3.6MB

.reloc
Size: 4KB - Virtual size: 4KB

.taggant
Size: 16KB - Virtual size: 16KB