ScreenShot
| Created | 2021.04.05 14:32 | Machine | s1_win7_x6402 |
| Filename | lukkeze.best.exe | ||
| Type | PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 50 detected (malicious, high confidence, Doina, Unsafe, Save, confidence, ZexaF, qGX@a4HRDMj, Eldorado, Attribute, HighConfidence, TrojanX, FickerStealer, Zudochka, CLOUD, SMTH, Score, egzae, kcloud, R352614, GenericRXMH, ai score=85, BScope, Aish, GdSda, HgIASSAA) | ||
| md5 | 7f1bd38647745b87464b8c696519bfc6 | ||
| sha256 | 7919bd3d8ee49fb1803f25bd73682f5fde4164ad6523069054a0ecbfb48fdb81 | ||
| ssdeep | 6144:95Y7JfHLNO7tYoUTbG14uS3Gl2TKcii5HS4bH:g7JDYaouvuUGk5JH | ||
| imphash | cb664df5fa904736e15ac44ff006d780 | ||
| impfuzzy | 48:C1lxEXJGQjkoqtyuQ0cgugV9vlmcVu04rzCF/:C1lxGJGKRqtyxSugV3mcV2g | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 50 AntiVirus engines on VirusTotal as malicious |
| watch | Communicates with host for which no DNS query was performed |
| notice | Looks up the external IP address |
| notice | Performs some HTTP requests |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
Rules (12cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | Ficker_Stealer_Zero | Ficker Stealer | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature Zero | binaries (upload) |
| info | HasOverlay | Overlay Check | binaries (upload) |
| info | IsWindowsGUI | (no description) | binaries (upload) |
| info | network_dns | Communications use DNS | binaries (upload) |
| info | network_tcp_listen | Listen for incoming communication | binaries (upload) |
| info | network_tcp_socket | Communications over RAW socket | binaries (upload) |
| info | screenshot | Take screenshot | binaries (upload) |
| info | Str_Win32_Winsock2_Library | Match Winsock 2 API library declaration | binaries (upload) |
| info | win_files_operation | Affect private profile | binaries (upload) |
| info | win_registry | Affect system registries | binaries (upload) |
Network (5cnts) ?
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x4442b4 GetCurrentProcess
0x4442b8 GetCurrentProcessId
0x4442bc GetCurrentThreadId
0x4442c0 GetTickCount
0x4442c4 QueryPerformanceCounter
0x4442c8 TerminateProcess
0x4442cc UnhandledExceptionFilter
0x4442d0 VirtualProtect
0x4442d4 VirtualQuery
msvcrt.dll
0x4442dc __getmainargs
0x4442e0 __initenv
0x4442e4 __lconv_init
0x4442e8 __p__acmdln
0x4442ec __p__fmode
0x4442f0 __set_app_type
0x4442f4 __setusermatherr
0x4442f8 _amsg_exit
0x4442fc _cexit
0x444300 _fmode
0x444304 _fpreset
0x444308 _initterm
0x44430c _iob
0x444310 _onexit
0x444314 abort
0x444318 calloc
0x44431c exit
0x444320 fprintf
0x444324 free
0x444328 fwrite
0x44432c malloc
0x444330 memcmp
0x444334 memcpy
0x444338 memmove
0x44433c memset
0x444340 signal
0x444344 strlen
0x444348 strncmp
0x44434c vfprintf
WS2_32.dll
0x444354 WSACleanup
0x444358 WSAGetLastError
0x44435c WSASocketW
0x444360 WSAStartup
0x444364 closesocket
0x444368 connect
0x44436c freeaddrinfo
0x444370 getaddrinfo
0x444374 ioctlsocket
0x444378 recv
0x44437c send
0x444380 setsockopt
0x444384 shutdown
ADVAPI32.dll
0x44438c RegCloseKey
0x444390 RegEnumKeyExW
0x444394 RegOpenKeyExW
0x444398 RegQueryInfoKeyW
0x44439c RegQueryValueExW
CRYPT32.dll
0x4443a4 CryptUnprotectData
GDI32.dll
0x4443ac BitBlt
0x4443b0 CreateCompatibleDC
0x4443b4 CreateDIBSection
0x4443b8 DeleteObject
0x4443bc GetCurrentObject
0x4443c0 GetObjectW
0x4443c4 SelectObject
KERNEL32.dll
0x4443cc CloseHandle
0x4443d0 CreateDirectoryW
0x4443d4 CreateFileW
0x4443d8 CreateProcessA
0x4443dc CreateToolhelp32Snapshot
0x4443e0 DeleteCriticalSection
0x4443e4 DeviceIoControl
0x4443e8 EnterCriticalSection
0x4443ec FindClose
0x4443f0 FindFirstFileW
0x4443f4 FindNextFileW
0x4443f8 FormatMessageW
0x4443fc GetComputerNameW
0x444400 GetConsoleMode
0x444404 GetEnvironmentVariableW
0x444408 GetFileInformationByHandle
0x44440c GetLastError
0x444410 GetLocaleInfoW
0x444414 GetModuleFileNameW
0x444418 GetModuleHandleW
0x44441c GetProcAddress
0x444420 GetProcessHeap
0x444424 GetStartupInfoA
0x444428 GetStdHandle
0x44442c GetSystemInfo
0x444430 GetSystemTimeAsFileTime
0x444434 GetTempPathW
0x444438 GetTimeZoneInformation
0x44443c GetUserDefaultLocaleName
0x444440 GlobalMemoryStatusEx
0x444444 HeapAlloc
0x444448 HeapFree
0x44444c HeapReAlloc
0x444450 InitializeCriticalSection
0x444454 LeaveCriticalSection
0x444458 LoadLibraryA
0x44445c LocalFree
0x444460 Process32First
0x444464 Process32Next
0x444468 ReadFile
0x44446c SetFilePointerEx
0x444470 SetHandleInformation
0x444474 SetLastError
0x444478 SetUnhandledExceptionFilter
0x44447c Sleep
0x444480 TlsAlloc
0x444484 TlsGetValue
0x444488 TlsSetValue
0x44448c WriteConsoleW
0x444490 WriteFile
USER32.dll
0x444498 EnumDisplayDevicesW
0x44449c GetDC
0x4444a0 GetDesktopWindow
0x4444a4 GetKeyboardLayoutList
0x4444a8 GetSystemMetrics
0x4444ac GetWindowRect
EAT(Export Address Table) is none
KERNEL32.dll
0x4442b4 GetCurrentProcess
0x4442b8 GetCurrentProcessId
0x4442bc GetCurrentThreadId
0x4442c0 GetTickCount
0x4442c4 QueryPerformanceCounter
0x4442c8 TerminateProcess
0x4442cc UnhandledExceptionFilter
0x4442d0 VirtualProtect
0x4442d4 VirtualQuery
msvcrt.dll
0x4442dc __getmainargs
0x4442e0 __initenv
0x4442e4 __lconv_init
0x4442e8 __p__acmdln
0x4442ec __p__fmode
0x4442f0 __set_app_type
0x4442f4 __setusermatherr
0x4442f8 _amsg_exit
0x4442fc _cexit
0x444300 _fmode
0x444304 _fpreset
0x444308 _initterm
0x44430c _iob
0x444310 _onexit
0x444314 abort
0x444318 calloc
0x44431c exit
0x444320 fprintf
0x444324 free
0x444328 fwrite
0x44432c malloc
0x444330 memcmp
0x444334 memcpy
0x444338 memmove
0x44433c memset
0x444340 signal
0x444344 strlen
0x444348 strncmp
0x44434c vfprintf
WS2_32.dll
0x444354 WSACleanup
0x444358 WSAGetLastError
0x44435c WSASocketW
0x444360 WSAStartup
0x444364 closesocket
0x444368 connect
0x44436c freeaddrinfo
0x444370 getaddrinfo
0x444374 ioctlsocket
0x444378 recv
0x44437c send
0x444380 setsockopt
0x444384 shutdown
ADVAPI32.dll
0x44438c RegCloseKey
0x444390 RegEnumKeyExW
0x444394 RegOpenKeyExW
0x444398 RegQueryInfoKeyW
0x44439c RegQueryValueExW
CRYPT32.dll
0x4443a4 CryptUnprotectData
GDI32.dll
0x4443ac BitBlt
0x4443b0 CreateCompatibleDC
0x4443b4 CreateDIBSection
0x4443b8 DeleteObject
0x4443bc GetCurrentObject
0x4443c0 GetObjectW
0x4443c4 SelectObject
KERNEL32.dll
0x4443cc CloseHandle
0x4443d0 CreateDirectoryW
0x4443d4 CreateFileW
0x4443d8 CreateProcessA
0x4443dc CreateToolhelp32Snapshot
0x4443e0 DeleteCriticalSection
0x4443e4 DeviceIoControl
0x4443e8 EnterCriticalSection
0x4443ec FindClose
0x4443f0 FindFirstFileW
0x4443f4 FindNextFileW
0x4443f8 FormatMessageW
0x4443fc GetComputerNameW
0x444400 GetConsoleMode
0x444404 GetEnvironmentVariableW
0x444408 GetFileInformationByHandle
0x44440c GetLastError
0x444410 GetLocaleInfoW
0x444414 GetModuleFileNameW
0x444418 GetModuleHandleW
0x44441c GetProcAddress
0x444420 GetProcessHeap
0x444424 GetStartupInfoA
0x444428 GetStdHandle
0x44442c GetSystemInfo
0x444430 GetSystemTimeAsFileTime
0x444434 GetTempPathW
0x444438 GetTimeZoneInformation
0x44443c GetUserDefaultLocaleName
0x444440 GlobalMemoryStatusEx
0x444444 HeapAlloc
0x444448 HeapFree
0x44444c HeapReAlloc
0x444450 InitializeCriticalSection
0x444454 LeaveCriticalSection
0x444458 LoadLibraryA
0x44445c LocalFree
0x444460 Process32First
0x444464 Process32Next
0x444468 ReadFile
0x44446c SetFilePointerEx
0x444470 SetHandleInformation
0x444474 SetLastError
0x444478 SetUnhandledExceptionFilter
0x44447c Sleep
0x444480 TlsAlloc
0x444484 TlsGetValue
0x444488 TlsSetValue
0x44448c WriteConsoleW
0x444490 WriteFile
USER32.dll
0x444498 EnumDisplayDevicesW
0x44449c GetDC
0x4444a0 GetDesktopWindow
0x4444a4 GetKeyboardLayoutList
0x4444a8 GetSystemMetrics
0x4444ac GetWindowRect
EAT(Export Address Table) is none