blackguard | 7a16c2b2c3a81b375c1fb4552dd32bc2d3a84aa1d6e644cd20c07ad220c83e5f | Triage

Submit
Reports

Overview

overview

Static

static

7a16c2b2c3...5f.exe

windows10-2004-x64

Sharing

General

Target

7a16c2b2c3a81b375c1fb4552dd32bc2d3a84aa1d6e644cd20c07ad220c83e5f
Size

396KB
Sample

240617-t8t7wszenk
MD5

51c1bc9607fc8496a6aa6c8613dd022a
SHA1

6d2a4f6056d51ae6b6171b42cc16713c5f6bedb9
SHA256

7a16c2b2c3a81b375c1fb4552dd32bc2d3a84aa1d6e644cd20c07ad220c83e5f
SHA512

274b0c18c57511d46d160fe675f3d69b7fed716ec4ccb81b89ba3b751fa1f8b014416b7af2e7564fecf2f88bb27e143c1b61bd9097db30f29f689c4ad9b5002e
SSDEEP

6144:bbODqpwPEuxGH6OrwX3pwzZwEq7EtE6rBpgw6Om92BUz7BJwaPEqrPlTu3q:byPPDLOrwX3pwzZwoB7M2uvfwARaq

Score

10^/10

blackguard spyware stealer

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

7a16c2b2c3a81b375c1fb4552dd32bc2d3a84aa1d6e644cd20c07ad220c83e5f.exe

Resource

win10v2004-20240508-en

blackguard spyware stealer

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Extracted

Family

blackguard

C2

https://api.telegram.org/bot6948010821:AAEJfl5iNgu_Z6rr2SH3SeV22wpex-Pltwo/sendMessage?chat_id=6841140670

Targets

- Target
  
  7a16c2b2c3a81b375c1fb4552dd32bc2d3a84aa1d6e644cd20c07ad220c83e5f
- Size
  
  396KB
- MD5
  
  51c1bc9607fc8496a6aa6c8613dd022a
- SHA1
  
  6d2a4f6056d51ae6b6171b42cc16713c5f6bedb9
- SHA256
  
  7a16c2b2c3a81b375c1fb4552dd32bc2d3a84aa1d6e644cd20c07ad220c83e5f
- SHA512
  
  274b0c18c57511d46d160fe675f3d69b7fed716ec4ccb81b89ba3b751fa1f8b014416b7af2e7564fecf2f88bb27e143c1b61bd9097db30f29f689c4ad9b5002e
- SSDEEP
  
  6144:bbODqpwPEuxGH6OrwX3pwzZwEq7EtE6rBpgw6Om92BUz7BJwaPEqrPlTu3q:byPPDLOrwX3pwzZwoB7M2uvfwARaq
Score

10^/10

blackguard spyware stealer
- BlackGuard
  Infostealer first seen in Late 2021.
  stealer blackguard
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

blackguardspywarestealer

© 2018-2024

Terms | Privacy