Behavioral task
behavioral1
Sample
2023-12-06_cf77eb608b8cbd4561990f03a69b1901_blackcat.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
2023-12-06_cf77eb608b8cbd4561990f03a69b1901_blackcat.exe
Resource
win10v2004-20231127-en
General
-
Target
2023-12-06_cf77eb608b8cbd4561990f03a69b1901_blackcat
-
Size
3.2MB
-
MD5
cf77eb608b8cbd4561990f03a69b1901
-
SHA1
3b5ce139ed3c0416b9e545c5af8c601e8f49b4e3
-
SHA256
91eb89d81458ff2d14ddb0e1d3fb103f19be85b19d5af2546bcad6f192aca2c4
-
SHA512
0489322bc4ad70d1e2f33474fc1787f6c2cdd1595a9596ddd1765375966396b1fe52a9982d04b6d665c430b9066d0ea8cbb73f22a7c029f401dc7b6694b4e234
-
SSDEEP
49152:cgZXjmtek74RRiYpXOsI1DLoKZniLr9V9vKcYfIBTKbE1B/8JSdgOXV:cgBjC2owOh1foKZor9HfqUH2JagOX
Malware Config
Signatures
-
Blackcat family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2023-12-06_cf77eb608b8cbd4561990f03a69b1901_blackcat
Files
-
2023-12-06_cf77eb608b8cbd4561990f03a69b1901_blackcat.exe windows:4 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Sections
.text Size: 2.0MB - Virtual size: 2.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 288B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 863KB - Virtual size: 863KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.eh_fram Size: 75KB - Virtual size: 74KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.bss Size: - Virtual size: 1KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.CRT Size: 512B - Virtual size: 84B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 32B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE