blackguard | 5b8d0e358948f885ad1e6fa854f637c1e30036bc217f2c7f2579a8782d472cda | Triage

Sharing

General

Target

cleaner.exe
Size

4.3MB
Sample

220306-py3n3accbm
MD5

ef8385f6ccc6dc6aa6fa9833e13c1cf3
SHA1

2fe6c0b8cef78d409d29fbd0d1260f39874b068e
SHA256

5b8d0e358948f885ad1e6fa854f637c1e30036bc217f2c7f2579a8782d472cda
SHA512

2efe1baab3b815baf2f45acca6afc3e2692cb2fa7e4806515f4376a43ad17f474551dcee87c03f65fe99ca553c79140ba6d35193753800bbeb0e3c27f2a9bbeb

Score

10^/10

blackguard spyware stealer

Malware Config

Extracted

Family

blackguard

C2

https://api.telegram.org/bot1840568117:AAGlvKQeSfXkObSE7__yYc5jM9o8qSrkFUw/sendMessage?chat_id=1039923904

Targets

- Target
  
  cleaner.exe
- Size
  
  4.3MB
- MD5
  
  ef8385f6ccc6dc6aa6fa9833e13c1cf3
- SHA1
  
  2fe6c0b8cef78d409d29fbd0d1260f39874b068e
- SHA256
  
  5b8d0e358948f885ad1e6fa854f637c1e30036bc217f2c7f2579a8782d472cda
- SHA512
  
  2efe1baab3b815baf2f45acca6afc3e2692cb2fa7e4806515f4376a43ad17f474551dcee87c03f65fe99ca553c79140ba6d35193753800bbeb0e3c27f2a9bbeb
Score

10^/10

blackguard spyware stealer
- BlackGuard
  Infostealer first seen in Late 2021.
  stealer blackguard
- Downloads MZ/PE file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Web Service

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

blackguardspywarestealer

behavioral2

blackguardspywarestealer