blackguard | 41f44fdc7eb02120732d137d63c0d4783c29d1776b019418ce603dbf57211fcc | Triage

Submit
Reports

Overview

overview

Static

static

3

PacketActivation.exe

windows7-x64

PacketActivation.exe

windows10-2004-x64

Sharing

General

Target

PacketActivation.exe
Size

4.1MB
Sample

240611-ksgges1hnl
MD5

87fa0fe0593a2ef299681a633404dd7d
SHA1

bc9013fa509f6c4ed023d9e8abc7a6e93815e6c5
SHA256

41f44fdc7eb02120732d137d63c0d4783c29d1776b019418ce603dbf57211fcc
SHA512

94e471f564bf5769f97645c8e29a7e8b9d8bffa18961709ea55e8e7bc5ca63607d0e00c0ab39a1c52cac7748827963db6a23ebd4e83dbe812fec38bc1dfac4f5
SSDEEP

98304:qNHUrw3RvYaqAhL8l+4gq5weeAtEkQM/BGPI4TEJeM4f19D:qFUsYaXhL6M5OEQbeZD

Score

10^/10

blackguard spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

PacketActivation.exe

Resource

win7-20240221-en

blackguard spyware stealer

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

PacketActivation.exe

Resource

win10v2004-20240508-en

blackguard spyware stealer

windows10-2004-x64

19 signatures

150 seconds

Malware Config

Extracted

Family

blackguard

C2

https://api.telegram.org/bot7140928156:AAEztW6njaBSBQenLVfrMSGqlfVmVwIcmu4/sendMessage?chat_id=6264855427

Targets

- Target
  
  PacketActivation.exe
- Size
  
  4.1MB
- MD5
  
  87fa0fe0593a2ef299681a633404dd7d
- SHA1
  
  bc9013fa509f6c4ed023d9e8abc7a6e93815e6c5
- SHA256
  
  41f44fdc7eb02120732d137d63c0d4783c29d1776b019418ce603dbf57211fcc
- SHA512
  
  94e471f564bf5769f97645c8e29a7e8b9d8bffa18961709ea55e8e7bc5ca63607d0e00c0ab39a1c52cac7748827963db6a23ebd4e83dbe812fec38bc1dfac4f5
- SSDEEP
  
  98304:qNHUrw3RvYaqAhL8l+4gq5weeAtEkQM/BGPI4TEJeM4f19D:qFUsYaXhL6M5OEQbeZD
Score

10^/10

blackguard spyware stealer
- BlackGuard
  Infostealer first seen in Late 2021.
  stealer blackguard
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

blackguardspywarestealer

behavioral2

blackguardspywarestealer

© 2018-2024

Terms | Privacy