blackguard | suspicious[.]zip | Triage

Submit
Reports

Overview

overview

Static

static

suspicious.exe

windows7-x64

suspicious.exe

windows10-2004-x64

Sharing

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

suspicious.exe

Resource

win7-20221111-en

blackguard stealer

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral2

Sample

suspicious.exe

Resource

win10v2004-20220812-en

blackguard stealer

windows10-2004-x64

3 signatures

150 seconds

General

Target

suspicious.zip
Size

1.6MB
MD5

cb8e6999d2f3f31669f62fc1b629aed8
SHA1

b01e4f036aa25ae2ec9320e3efe37de7e97599a3
SHA256

8103180d40cccad7d6a069b0860ace5ba8340047b8572519ea486ffdf8708b0d
SHA512

2608e81969c00b2d2014b7c1ae6507f9ba4a623cea04474966cffcf2ff452a11cca084e4f5a3c28747bbcbd235740d10cbc94f1871c04f1b5178ee69d51a6b3f
SSDEEP

49152:oQN5EZmy0LmUNv7Ym30XDMaUJEAav62L7ur8U5f:oQNbyxUZYmUDcAvmrv

Score

10^/10

blackguard

Malware Config

Extracted

Family

blackguard

C2

https://win.mirtonewbacker.com/

Signatures

Blackguard family
blackguard

Files

suspicious.zip
.zip

Password: infected
suspicious.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 99KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 171KB - Virtual size: 170KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

© 2018-2025

Terms | Privacy