7556c0211e3fb8bf3f4d2861b66ad572d9626331a1957722d9211cdcabafd946 | Triage

Sharing

General

Target

blackcap.exe
Size

18.0MB
Sample

230204-xalpmseb36
MD5

ae515bd03dc8cee038f9c9b8cece41af
SHA1

a0d18cccc4aac544348ef9288c4668ea63db04ea
SHA256

7556c0211e3fb8bf3f4d2861b66ad572d9626331a1957722d9211cdcabafd946
SHA512

c7824b35a118dad3b2f9c76755c8100f935a782255cb954fda0b814593f847d0355b415da4a9e21a47f19e752238b066084752d8ffa36e71412c82ac64c39a59
SSDEEP

393216:yu7L/OtASFuldQuslN/m3pDl9AJ4ZoWOv+9fPV4aEs8JaKCYYA:yCLuFydQu4KRS4ZorvS31ClCd

Score

7^/10

pyinstaller spyware stealer

Malware Config

Targets

- Target
  
  blackcap.exe
- Size
  
  18.0MB
- MD5
  
  ae515bd03dc8cee038f9c9b8cece41af
- SHA1
  
  a0d18cccc4aac544348ef9288c4668ea63db04ea
- SHA256
  
  7556c0211e3fb8bf3f4d2861b66ad572d9626331a1957722d9211cdcabafd946
- SHA512
  
  c7824b35a118dad3b2f9c76755c8100f935a782255cb954fda0b814593f847d0355b415da4a9e21a47f19e752238b066084752d8ffa36e71412c82ac64c39a59
- SSDEEP
  
  393216:yu7L/OtASFuldQuslN/m3pDl9AJ4ZoWOv+9fPV4aEs8JaKCYYA:yCLuFydQu4KRS4ZorvS31ClCd
Score

7^/10

spyware stealer
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Web Service

Credential Access

Credentials in Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2