Overview

overview

10

Static

static

kyrrtuyd.exe

windows7_x64

10

kyrrtuyd.exe

windows10-2004_x64

3

Resubmissions

13-09-2022 07:28

220913-jarc8sfac7 3

08-07-2022 12:13

220708-pd344acdbk 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    kyrrtuyd.exe

  • Size

    2.7MB

  • Sample

    220708-pd344acdbk

  • MD5

    ea1b1668c8c83691ab1d0fcfda35f113

  • SHA1

    a936e2ba04c4a307c32fec7c5bd146459c60b722

  • SHA256

    da81995799de9fc062c9add3ada7e0127ee8bf7d7c8c7cc04fd4915b743f6210

  • SHA512

    9e176eb86cdff5a06edba1aa6689047688ac1e25a61a5d79cfb2b78276e45996439a85938f0cd978cfe75941e14236f298807eb950cabdf227829e4d23948527

Score
10/10
blackguardcollectionpersistencespywarestealer

Malware Config

Targets

    • Target

      kyrrtuyd.exe

    • Size

      2.7MB

    • MD5

      ea1b1668c8c83691ab1d0fcfda35f113

    • SHA1

      a936e2ba04c4a307c32fec7c5bd146459c60b722

    • SHA256

      da81995799de9fc062c9add3ada7e0127ee8bf7d7c8c7cc04fd4915b743f6210

    • SHA512

      9e176eb86cdff5a06edba1aa6689047688ac1e25a61a5d79cfb2b78276e45996439a85938f0cd978cfe75941e14236f298807eb950cabdf227829e4d23948527

    Score
    10/10
    blackguardcollectionpersistencespywarestealer

    • BlackGuard

      Infostealer first seen in Late 2021.

      stealerblackguard

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks