Static task: static1
Behavioral task: behavioral1
  Sample: Starcat ransomware.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: Starcat ransomware.exe
  Resource: win10v2004-20241007-en
General
Target: Starcat ransomware.exe
Size: 4.2MB
MD5: 0df6cb830d2f8f248ebb420e0473e40b
SHA1: 4f89623b972450fac3b320779672003b06fa5d9f
SHA256: 9cc7fd79b16ed36fe78d8b6bc9ea5e99bb1fb48a39d6051c3961bf503fd16a24
SHA512: 765073189498d4889a18dcd959cec54e4d837a3de249607c8dd4288f2204ba48992cf284afa76fcedf1f6a59954305b37fb0ab99639fca96a643526d16d067a7
SSDEEP: 49152:DYIU6iwVwASOuGtlqGz2OiG3NWE8Nsz3QEyB+68eBDN4NoIumzqsRrtYpFGY+uby:L+UaOwENQ3mzROac6t
Malware Config
Signatures
Embeds OpenSSL (1 IoCs)
Embeds OpenSSL, may be used to circumvent TLS interception.
  resource: sample
  yara_rule: embeds_openssl
Unsigned PE (1 IoCs)
Checks for missing Authenticode signature.
  resource: Starcat ransomware.exe
Files
Starcat ransomware.exe.exe windows:5 windows x64 arch:x64
c5ae3ee6b43d848e2878befd49850f26
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
GetFileSizeEx
WriteFile
FindResourceA
CreateFileW
UnmapViewOfFile
GetModuleHandleA
FreeResource
GetTempPathA
LockResource
DeleteFileW
LoadResource
SetFileAttributesA
CreateFileMappingA
MapViewOfFile
SizeofResource
GetDriveTypeW
GetLogicalDriveStringsW
FindClose
FindNextFileW
FindFirstFileW
GetProcAddress
Process32Next
CreateToolhelp32Snapshot
SetEndOfFile
HeapSize
WriteConsoleW
OpenProcess
TerminateProcess
Process32First
GetProcessHeap
HeapAlloc
HeapFree
GlobalMemoryStatusEx
GetSystemInfo
CreateFileA
ReadFile
GetTickCount
CreateProcessA
GetUserDefaultLCID
Sleep
CreateMutexA
GetModuleFileNameW
GetCurrentProcess
GetModuleFileNameA
FreeLibrary
CloseHandle
LoadLibraryA
GetSystemDirectoryA
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExW
GetFullPathNameW
GetCurrentDirectoryW
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
GetCurrentThreadId
DuplicateHandle
WaitForSingleObjectEx
SwitchToThread
GetCurrentThread
GetExitCodeThread
QueryPerformanceCounter
QueryPerformanceFrequency
WideCharToMultiByte
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
EncodePointer
DecodePointer
MultiByteToWideChar
GetCPInfo
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
LocalFree
GetModuleHandleExW
VirtualAlloc
VirtualProtect
VirtualFree
FormatMessageA
GetCurrentProcessId
GetEnvironmentVariableW
GetStdHandle
GetFileType
RtlVirtualUnwind
GetACP
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
InitializeCriticalSection
ReleaseSemaphore
WaitForSingleObject
CreateSemaphoreA
LoadLibraryW
GetSystemTime
SystemTimeToFileTime
VirtualQuery
GetLargePageMinimum
GetProcessTimes
GetCurrentProcessorNumber
GetEnvironmentVariableA
GetNumaHighestNodeNumber
GetNumaNodeProcessorMask
GetConsoleScreenBufferInfo
WriteConsoleA
RtlCaptureContext
RtlLookupFunctionEntry
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
CreateTimerQueue
SetEvent
SignalObjectAndWait
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
FreeLibraryAndExitThread
LoadLibraryExW
GetVersionExW
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
RtlUnwindEx
RtlPcToFileHeader
RaiseException
ExitProcess
ExitThread
SetConsoleCtrlHandler
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
IsValidLocale
EnumSystemLocalesW
FlushFileBuffers
GetConsoleCP
SetFilePointerEx
HeapReAlloc
GetTimeZoneInformation
SetStdHandle
RtlUnwind
user32
GetCursorPos
GetMessageA
DispatchMessageA
GetProcessWindowStation
SystemParametersInfoA
MessageBoxW
GetLastInputInfo
GetSystemMetrics
SetWindowsHookExA
UnhookWindowsHookEx
GetUserObjectInformationW
SendMessageA
TranslateMessage
advapi32
RegCreateKeyExA
RegisterEventSourceW
DeregisterEventSource
EnumDependentServicesA
CloseServiceHandle
OpenSCManagerA
ControlService
QueryServiceStatusEx
OpenServiceA
CryptAcquireContextA
ReadEventLogA
CryptGenRandom
CryptReleaseContext
AdjustTokenPrivileges
RegCloseKey
LookupPrivilegeValueA
CryptAcquireContextW
CloseEventLog
ClearEventLogA
RegSetValueExW
OpenEventLogA
OpenProcessToken
ReportEventW
shell32
SHGetFolderPathA
ShellExecuteA
ole32
CoCreateInstance
CoUninitialize
CoInitializeSecurity
CoInitializeEx
oleaut32
VariantClear
SysAllocString
SysFreeString
iphlpapi
GetNetworkParams
crypt32
CertOpenSystemStoreW
CertFreeCertificateContext
CertCloseStore
CertFindCertificateInStore
ws2_32
sendto
recvfrom
getpeername
ioctlsocket
getsockname
getsockopt
ntohs
select
getservbyport
WSAStartup
WSACleanup
WSAGetLastError
htonl
htons
inet_addr
inet_ntoa
gethostbyaddr
gethostbyname
getservbyname
WSASetLastError
recv
send
closesocket
connect
setsockopt
socket
shutdown
Sections
.text Size: 3.0MB - Virtual size: 3.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 877KB - Virtual size: 877KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 35KB - Virtual size: 76KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 119KB - Virtual size: 119KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 144KB - Virtual size: 144KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 40KB - Virtual size: 40KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ