blackguard | f2d25cb96d3411e4696f8f5401cb8f1af0d83bf3c6b69f511f1a694b1a86b74d | Triage

Sharing

General

Target

f2d25cb96d3411e4696f8f5401cb8f1af0d83bf3c6b69f511f1a694b1a86b74d.bin
Size

1.9MB
Sample

220214-sjtpdsbaep
MD5

2d28df44857d0be0b1ca1e5b4987894e
SHA1

a442fa9d272cfdbbcb406c8ef02c9a5d669c6fed
SHA256

f2d25cb96d3411e4696f8f5401cb8f1af0d83bf3c6b69f511f1a694b1a86b74d
SHA512

7a6b19655597832c7c75518fe7f01f9916b30d70b61b0d617e93fb3209aafc2ce99687e0dcbaea3d46ac68f315a43a8fd7308dfd215854f706c7ebe9c0518d5a

Score

10^/10

blackguard collection spyware stealer

Malware Config

Extracted

Family

blackguard

C2

https://onetwostep.at/

Targets

- Target
  
  f2d25cb96d3411e4696f8f5401cb8f1af0d83bf3c6b69f511f1a694b1a86b74d.bin
- Size
  
  1.9MB
- MD5
  
  2d28df44857d0be0b1ca1e5b4987894e
- SHA1
  
  a442fa9d272cfdbbcb406c8ef02c9a5d669c6fed
- SHA256
  
  f2d25cb96d3411e4696f8f5401cb8f1af0d83bf3c6b69f511f1a694b1a86b74d
- SHA512
  
  7a6b19655597832c7c75518fe7f01f9916b30d70b61b0d617e93fb3209aafc2ce99687e0dcbaea3d46ac68f315a43a8fd7308dfd215854f706c7ebe9c0518d5a
Score

10^/10

blackguard collection spyware stealer
- BlackGuard
  Infostealer first seen in Late 2021.
  stealer blackguard
- Downloads MZ/PE file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blackguardcollectionspywarestealer

behavioral2

blackguardcollectionspywarestealer