blackguard | 62416ed5c114e347643b51879ee8a75e8a871ab7c02679402f99aaf697e9f9e8 | Triage

Sharing

General

Target

cleaner.exe
Size

6.0MB
Sample

220306-pfgzmscbgr
MD5

13fa56ab5b3bd88a84aa8d2ca32de8fb
SHA1

efa1edcfb626cc61a48df4c942e2d023191d90a9
SHA256

62416ed5c114e347643b51879ee8a75e8a871ab7c02679402f99aaf697e9f9e8
SHA512

e71d244e24c4aa8ff42968b9c4135b605554a7384cd96e22a8ba0616289f7ba06cce20e1f738d8782397df965cb1f8bd93d2b4c3344b2e35f734ed7ee54cda8e

Score

10^/10

blackguard spyware stealer

Malware Config

Extracted

Family

blackguard

C2

https://api.telegram.org/bot1840568117:AAGlvKQeSfXkObSE7__yYc5jM9o8qSrkFUw/sendMessage?chat_id=1039923904

Targets

- Target
  
  cleaner.exe
- Size
  
  6.0MB
- MD5
  
  13fa56ab5b3bd88a84aa8d2ca32de8fb
- SHA1
  
  efa1edcfb626cc61a48df4c942e2d023191d90a9
- SHA256
  
  62416ed5c114e347643b51879ee8a75e8a871ab7c02679402f99aaf697e9f9e8
- SHA512
  
  e71d244e24c4aa8ff42968b9c4135b605554a7384cd96e22a8ba0616289f7ba06cce20e1f738d8782397df965cb1f8bd93d2b4c3344b2e35f734ed7ee54cda8e
Score

10^/10

blackguard spyware stealer
- BlackGuard
  Infostealer first seen in Late 2021.
  stealer blackguard
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blackguardspywarestealer

behavioral2

blackguardspywarestealer