General

  • Target

    f2d25cb96d3411e4696f8f5401cb8f1af0d83bf3c6b69f511f1a694b1a86b74d.bin

  • Size

    1MB

  • Sample

    220214-sjtpdsbaep

  • MD5

    2d28df44857d0be0b1ca1e5b4987894e

  • SHA1

    a442fa9d272cfdbbcb406c8ef02c9a5d669c6fed

  • SHA256

    f2d25cb96d3411e4696f8f5401cb8f1af0d83bf3c6b69f511f1a694b1a86b74d

  • SHA512

    7a6b19655597832c7c75518fe7f01f9916b30d70b61b0d617e93fb3209aafc2ce99687e0dcbaea3d46ac68f315a43a8fd7308dfd215854f706c7ebe9c0518d5a

Malware Config

  • Extracted

    Family: blackguard
    C2: https://onetwostep.at/

Targets

    • BlackGuard

      Infostealer first seen in late 2021.

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic             Technique                      Count  ID
  Credential Access  Credentials in Files           1      T1081
  Discovery          Query Registry                 1      T1012
  Discovery          System Information Discovery   1      T1082
  Collection         Data from Local System         1      T1005
  Collection         Email Collection               1      T1114