blackguard | b16bb8ce89c42e0f48deb5ba2a8b5c7495c8702c7c2c5c0af7d38739f6281ebb | Triage

Submit
Reports

Overview

overview

Static

static

5

b16bb8ce89...bb.exe

windows7_x64

b16bb8ce89...bb.exe

windows10-2004_x64

Resubmissions

29-03-2022 22:33

220329-2ghzjsgchj 10

Sharing

General

Target

b16bb8ce89c42e0f48deb5ba2a8b5c7495c8702c7c2c5c0af7d38739f6281ebb
Size

989KB
Sample

220329-2ghzjsgchj
MD5

118886bd493a37257b963fe26805f516
SHA1

2f61fcbebaca2ffe7b41a63adefad83ec04fb94b
SHA256

b16bb8ce89c42e0f48deb5ba2a8b5c7495c8702c7c2c5c0af7d38739f6281ebb
SHA512

c3753e98a9e2a70fec6d9573c74c70af665e82b5234bfb4ba7fa9a4160b255c3fa2a1328e41ec3d7569bdbd02e078e84181007d4b8f7818c6acf9c67c1157628

Score

10^/10

blackguard persistence spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

b16bb8ce89c42e0f48deb5ba2a8b5c7495c8702c7c2c5c0af7d38739f6281ebb.exe

Resource

win7-20220311-en

blackguard spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

b16bb8ce89c42e0f48deb5ba2a8b5c7495c8702c7c2c5c0af7d38739f6281ebb.exe

Resource

win10v2004-20220310-en

blackguard persistence spyware stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  b16bb8ce89c42e0f48deb5ba2a8b5c7495c8702c7c2c5c0af7d38739f6281ebb
- Size
  
  989KB
- MD5
  
  118886bd493a37257b963fe26805f516
- SHA1
  
  2f61fcbebaca2ffe7b41a63adefad83ec04fb94b
- SHA256
  
  b16bb8ce89c42e0f48deb5ba2a8b5c7495c8702c7c2c5c0af7d38739f6281ebb
- SHA512
  
  c3753e98a9e2a70fec6d9573c74c70af665e82b5234bfb4ba7fa9a4160b255c3fa2a1328e41ec3d7569bdbd02e078e84181007d4b8f7818c6acf9c67c1157628
Score

10^/10

blackguard spyware stealer persistence
- BlackGuard
  Infostealer first seen in Late 2021.
  stealer blackguard
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Web Service

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

blackguardspywarestealer

behavioral2

blackguardpersistencespywarestealer

© 2018-2025

Terms | Privacy