Extracted

• • Target

    2dc776fafcf2ec1726ffd33c35ffaf9817239be5d07806c01836ffc59ce58cf1

  • Size

    1.1MB

  • MD5

    5294515d332fdf4856615e93c651a32c

  • SHA1

    fca7e3007b4c36180c9f1600146debb213d98636

  • SHA256

    2dc776fafcf2ec1726ffd33c35ffaf9817239be5d07806c01836ffc59ce58cf1

  • SHA512

    c9858d4b7abb62e177b580a7c14ef1e480efcecd5db77b698261659385f008dd1adca18506582ef86b8f59741200334cc1974f1d3f735760385838e6f99526ea

  • SSDEEP

    24576:G93qteMbpHjNgtTOZupWzrpn0MfFYPjNo30rIqEm9:839gljNgdOtzFn0MfyP2SIqZ

  Score

  10^/10

  blackguardspywarestealer

  • BlackGuard

    Infostealer first seen in Late 2021.

    stealerblackguard

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2