General

  • Target

    e98777959f0da84b4346f4d8a9dec025014adc90fb895eee29f6d765ba7e0162

  • Size

    5.6MB

  • Sample

    230807-cx76yaed6w

  • MD5

    6cac397492e6bc73d6392ced2325f115

  • SHA1

    030889ffae25d113a8bb4265f4a1b8461f51b1f9

  • SHA256

    e98777959f0da84b4346f4d8a9dec025014adc90fb895eee29f6d765ba7e0162

  • SHA512

    e170b23ac30bae677ecbed36ce4ee3326bacd31d90ee22cd394a4e2a7ae6343f280d058f1cfa2c04eb15726fdb9f8db5111fb6693dc71d8f9a2ccc6c37e44802

  • SSDEEP

    98304:e55jJI0tISNT/YdeZazBT+2WKYpTFjU/Lr6yPjlCM5Q2F3Bi0+:e5lJI0RZazVCTFjgLrXQMi2F3J+

Malware Config

Extracted

  • Family

    blackguard

  • C2

    http://194.50.153.136

Targets

    • BlackGuard

      Infostealer first seen in late 2021.

    • Allows Network login with blank passwords

      Allows local user accounts with blank passwords to access the device from the network.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and similar profile data.

    • Adds Run key to start application
