blackguard | 18db274624914ee6388bda20233db28307be4873bc053e05ad8f6761b217136f | Triage

Sharing

General

Target

cleaner.exe
Size

2.6MB
Sample

220306-pg6z6aaea9
MD5

ff8969d4de3b577608c602242d1caa06
SHA1

150b893f1b1a8ffefdbcea281bf33fa444c7a46f
SHA256

18db274624914ee6388bda20233db28307be4873bc053e05ad8f6761b217136f
SHA512

02282eae328f02d18f22620b83fb0e4b4202e61a4243fbcc1064ed75c39f87fe3706f22f7b551da3154461e13b4bb6dcbdbaaf2c231cb5234881f60a7366cab9

Score

10^/10

blackguard spyware stealer

Malware Config

Extracted

Family

blackguard

C2

https://api.telegram.org/bot1840568117:AAGlvKQeSfXkObSE7__yYc5jM9o8qSrkFUw/sendMessage?chat_id=1039923904

Targets

- Target
  
  cleaner.exe
- Size
  
  2.6MB
- MD5
  
  ff8969d4de3b577608c602242d1caa06
- SHA1
  
  150b893f1b1a8ffefdbcea281bf33fa444c7a46f
- SHA256
  
  18db274624914ee6388bda20233db28307be4873bc053e05ad8f6761b217136f
- SHA512
  
  02282eae328f02d18f22620b83fb0e4b4202e61a4243fbcc1064ed75c39f87fe3706f22f7b551da3154461e13b4bb6dcbdbaaf2c231cb5234881f60a7366cab9
Score

10^/10

blackguard spyware stealer
- BlackGuard
  Infostealer first seen in Late 2021.
  stealer blackguard
- Downloads MZ/PE file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Web Service

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

blackguardspywarestealer

behavioral2

blackguardspywarestealer