blackguard | 79c1166d2a8695dfea7fb45d98b2872e8ac8fde129b23d43a72a22928dad8ba4 | Triage

Sharing

General

Target

0x0006000000014af2-71.dat
Size

303KB
Sample

221104-xydzpscagl
MD5

0c430a6beaadb67656b448a524a81fad
SHA1

29fb2ca19abb7d5de7545209d4ee9b9807eda935
SHA256

79c1166d2a8695dfea7fb45d98b2872e8ac8fde129b23d43a72a22928dad8ba4
SHA512

b24b86cbefdf3ba8b56b596ea26102d535e31051a9e7fb26ab566ddf57202755b5f8f132f8500d1d470ce5eda1799f0838ff979765ce6b7edeeb6c97cb6390f3
SSDEEP

6144:h20duBmEN04uQSge+sy0yd80qOtYiRYcNB:h2ZNNx/e+T0l0/tYiRrNB

Score

10^/10

blackguard spyware stealer

Malware Config

Targets

- Target
  
  0x0006000000014af2-71.dat
- Size
  
  303KB
- MD5
  
  0c430a6beaadb67656b448a524a81fad
- SHA1
  
  29fb2ca19abb7d5de7545209d4ee9b9807eda935
- SHA256
  
  79c1166d2a8695dfea7fb45d98b2872e8ac8fde129b23d43a72a22928dad8ba4
- SHA512
  
  b24b86cbefdf3ba8b56b596ea26102d535e31051a9e7fb26ab566ddf57202755b5f8f132f8500d1d470ce5eda1799f0838ff979765ce6b7edeeb6c97cb6390f3
- SSDEEP
  
  6144:h20duBmEN04uQSge+sy0yd80qOtYiRYcNB:h2ZNNx/e+T0l0/tYiRrNB
Score

10^/10

blackguard stealer spyware
- BlackGuard
  Infostealer first seen in Late 2021.
  stealer blackguard
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Web Service

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

blackguardstealer

behavioral2

blackguardspywarestealer