blackguard | c1237d0e517abc7cd15bb55110196247b1f6ec397c28b8b2bdfba86dc5c8805f | Triage

Submit
Reports

Overview

overview

Static

static

buijp.exe

windows7_x64

buijp.exe

windows10-2004_x64

Sharing

General

Target

buijp.exe
Size

1.5MB
Sample

220306-n1r5nsadh6
MD5

d9dd93dbce60481ae945dd6b9ba3e830
SHA1

a01dd4dbe77a99de0cdcc3c2830641ff79a2d892
SHA256

c1237d0e517abc7cd15bb55110196247b1f6ec397c28b8b2bdfba86dc5c8805f
SHA512

8c48538a643fef1811689af9a893527776c501e9ed40223528ab80901be2a182f326c0be13dcfe1e30f14f69f77323ab8138728bc3ef4ae77c40e17a1c505c46

Score

10^/10

blackguard spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

buijp.exe

Resource

win7-20220223-en

blackguard spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

buijp.exe

Resource

win10v2004-en-20220113

blackguard spyware stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

blackguard

C2

https://api.telegram.org/bot5000057429:AAGzxzARC3DPcOsfaw0jKHEyHfyEfZqVYQM/sendMessage?chat_id=1283089701

Targets

- Target
  
  buijp.exe
- Size
  
  1.5MB
- MD5
  
  d9dd93dbce60481ae945dd6b9ba3e830
- SHA1
  
  a01dd4dbe77a99de0cdcc3c2830641ff79a2d892
- SHA256
  
  c1237d0e517abc7cd15bb55110196247b1f6ec397c28b8b2bdfba86dc5c8805f
- SHA512
  
  8c48538a643fef1811689af9a893527776c501e9ed40223528ab80901be2a182f326c0be13dcfe1e30f14f69f77323ab8138728bc3ef4ae77c40e17a1c505c46
Score

10^/10

blackguard spyware stealer
- BlackGuard
  Infostealer first seen in Late 2021.
  stealer blackguard
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

blackguardspywarestealer

behavioral2

blackguardspywarestealer

© 2018-2024

Terms | Privacy