General
- Target: blackcap.exe
- Size: 18.0MB
- Sample: 230204-xalpmseb36
- MD5: ae515bd03dc8cee038f9c9b8cece41af
- SHA1: a0d18cccc4aac544348ef9288c4668ea63db04ea
- SHA256: 7556c0211e3fb8bf3f4d2861b66ad572d9626331a1957722d9211cdcabafd946
- SHA512: c7824b35a118dad3b2f9c76755c8100f935a782255cb954fda0b814593f847d0355b415da4a9e21a47f19e752238b066084752d8ffa36e71412c82ac64c39a59
- SSDEEP: 393216:yu7L/OtASFuldQuslN/m3pDl9AJ4ZoWOv+9fPV4aEs8JaKCYYA:yCLuFydQu4KRS4ZorvS31ClCd
Behavioral task
behavioral1
Sample: blackcap.exe
Resource: win7-20221111-en
Malware Config
Targets
- Drops startup file
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.