blackguard | 4f4d29507bafc223646d98f5fed78d52dd96caeee2072ff17b15718b45a1811f | Triage

Sharing

General

Target

Leane.exe
Size

3.9MB
Sample

220306-n47drsadh8
MD5

52e57511266c3b3089a611b86c0468b9
SHA1

33ca900b6eb2a7011fe9e2317cf66a0854788795
SHA256

4f4d29507bafc223646d98f5fed78d52dd96caeee2072ff17b15718b45a1811f
SHA512

428daf6a25c7120a3a19f4adf54518907a4095e76383046cc24ae34bbdd34c9ffbe46219757d869cbbaed6e5965a6851cbe5d944c35f8052a4acfc933b4bbd86

Score

10^/10

blackguard spyware stealer

Malware Config

Extracted

Family

blackguard

C2

https://api.telegram.org/bot1840568117:AAGlvKQeSfXkObSE7__yYc5jM9o8qSrkFUw/sendMessage?chat_id=1039923904

Targets

- Target
  
  Leane.exe
- Size
  
  3.9MB
- MD5
  
  52e57511266c3b3089a611b86c0468b9
- SHA1
  
  33ca900b6eb2a7011fe9e2317cf66a0854788795
- SHA256
  
  4f4d29507bafc223646d98f5fed78d52dd96caeee2072ff17b15718b45a1811f
- SHA512
  
  428daf6a25c7120a3a19f4adf54518907a4095e76383046cc24ae34bbdd34c9ffbe46219757d869cbbaed6e5965a6851cbe5d944c35f8052a4acfc933b4bbd86
Score

10^/10

blackguard spyware stealer
- BlackGuard
  Infostealer first seen in Late 2021.
  stealer blackguard
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blackguardspywarestealer

behavioral2

blackguardspywarestealer