Analysis
-
max time kernel
85s -
max time network
89s -
platform
windows10-2004_x64 -
resource
win10v2004-20230220-en -
resource tags
-
submitted
23-02-2023 13:56
General
-
Target
08c1b360ad5f727a0660adfa74bd7509.exe
-
Size
237KB
-
MD5
08c1b360ad5f727a0660adfa74bd7509
-
SHA1
43a8d5a55f858ac67b195d2ebebc4ea498686f38
-
SHA256
18c5f62d2fff0705013b83fc5c5c09ad7b9faeddac4bf4c8f2b5bb532f9488de
-
SHA512
9c80b9f3ef2152e391222fb2a88d3d14d1bdfe6de256cf2659282dcc16cf0ff0d27f82500446c3e7375a481a47d39a0aad3d4f8e805dfe67b8e126c75253cfcd
-
SSDEEP
3072:L5IAyZvNOYWO3bAfFFHjBl+Bl2K4eqibSE6czFKJLQPeI/Kh73WmqcSCJLeKgh2B:iAyZvHWbTH1l6RDbDjkIpbs
Malware Config
Extracted
blackguard
https://api.telegram.org/bot5973155151:AAGgQ2GQ_WZVdt1bf_ib5JEZozBNQ7N52ww/sendMessage?chat_id=1870895902
Signatures
-
BlackGuard
Infostealer first seen in Late 2021.
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
-
Looks up external IP address via web service 2 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Suspicious behavior: EnumeratesProcesses 4 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\08c1b360ad5f727a0660adfa74bd7509.exe"C:\Users\Admin\AppData\Local\Temp\08c1b360ad5f727a0660adfa74bd7509.exe"1⤵
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
735B
MD505716938c2f642561081283999956810
SHA1b1071ed0b0904b4eed501ed938bdfff64f722d07
SHA2562bb1cec8a9e6045fe8cd76029261cf20e89055080080b9fbd1a39aab633a6ee3
SHA51222799fbd34ac4128710ed84a8d6d0702ede14926dd354b3edb3c53e90d0a2118752246d24fca67c34a1915a1f177cd6d49cba92b674cbcf92dfec41d64eff7ab
-
Filesize
1KB
MD508f7ef9a01953a80d4bd8d16afe82945
SHA11f2190fe7c0091d6d2c612306d5fb355b5420c69
SHA256627577e2e654d718132fffbc3eaff032afa0a90682ebfb98f3c48c7de668923f
SHA51294e872f56e273079b03b16a138cb5bc00fa9bf9caa75bd8eb2fc06949e2eb396f2d4fa9fa2e225dbea65bbb15221c8754e282814cb697f06186e5e797720f0fc
-
Filesize
1KB
MD5278274b2305e503fed185b1f54b72ad8
SHA10791939dde0001a5823d21dc2b2497e88bf3881e
SHA256ed4a2f4e988d2323d3b243daa1c6df57b026657e44bf93f654d1495d45dc06f3
SHA512ba3c775c359a006d8d16d487b2d0fa986d698ace527af553d9481337d1abd08acf83de676529f4e36b66028884cb5deced6ae53f3a3a6dc26839c67cd2ef17dd
-
Filesize
1KB
MD50e1d13a82d5761e4b6e65b0005b87eff
SHA18df9a58d8682c223ef4ab75023300d03039cdd68
SHA25677b98b55eb5c994329979615c7c7e91d69a4c0f9a8e5aa1fa1360de794980cff
SHA512b2422d5849a80ba75e24b57ec723aada7639c133e9aedf9df55a1210058751146ac913dd83c175e0701cfdd3b6ecdd2c5fc32bce06d7688eaa583bb51822b594
-
Filesize
264KB
-
Filesize
584KB
-
Filesize
64KB
-
Filesize
5.6MB
-
Filesize
408KB