General

  • Target

    tmp

  • Size

    3.4MB

  • Sample

    230814-vqh8cafg8t

  • MD5

    e695b8888af3b57f1a56961bd289463c

  • SHA1

    e8c3892fcf4635a16fe91b9542953e2ac5141df2

  • SHA256

    c5a45793d7c361f18d36c190b86c951bf0e7a01ad52132c7e9e9d4101eff73aa

  • SHA512

    3c1ba39b7819020ad748bfd8bc0cca01fda5e5c7a2111ec6c034bf99e1974f27cb6a1ad7b3e26ffcfb150c447349661771fd21d54c25602ab01c1b1b43346ce1

  • SSDEEP

    98304:8QBNUcwti78OqJ7TPBSHgMWJ0bJpqcV/:TzUcwti7TQlSBWJq1x

Malware Config

Extracted

Family

blackguard

C2

http://94.142.138.111

Targets

    • Target

      tmp

    • Size

      3.4MB

    • MD5

      e695b8888af3b57f1a56961bd289463c

    • SHA1

      e8c3892fcf4635a16fe91b9542953e2ac5141df2

    • SHA256

      c5a45793d7c361f18d36c190b86c951bf0e7a01ad52132c7e9e9d4101eff73aa

    • SHA512

      3c1ba39b7819020ad748bfd8bc0cca01fda5e5c7a2111ec6c034bf99e1974f27cb6a1ad7b3e26ffcfb150c447349661771fd21d54c25602ab01c1b1b43346ce1

    • SSDEEP

      98304:8QBNUcwti78OqJ7TPBSHgMWJ0bJpqcV/:TzUcwti7TQlSBWJq1x

    • BlackGuard

      Infostealer first seen in late 2021.

    • Downloads MZ/PE file

    • Allows Network login with blank passwords

      Allows local user accounts with blank passwords to access the device from the network (the LimitBlankPasswordUse value under HKLM\SYSTEM\CurrentControlSet\Control\Lsa set to 0).

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and session tokens.

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
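The following is an added triage example, not code from the sandbox vendor or from the BlackGuard sample itself. It does two things a responder usually wants after reading a report like this: recompute the four digests printed above in a single pass so a locally obtained file can be confirmed as the same sample, and map a stream of sandbox-style events onto the signatures listed (Run-key persistence, LimitBlankPasswordUse set to 0, contact with the extracted C2 address, external-IP lookup). The `kind|target|data` event format and the events in `SAMPLE_EVENTS` are constructed for this example, and the list of IP-lookup hosts is an assumption rather than something the report states.

```python
"""Triage helpers for the BlackGuard report above (added example, not vendor code)."""
import hashlib
import re

# Hash set exactly as printed in the report.
REPORTED_HASHES = {
    "md5": "e695b8888af3b57f1a56961bd289463c",
    "sha1": "e8c3892fcf4635a16fe91b9542953e2ac5141df2",
    "sha256": "c5a45793d7c361f18d36c190b86c951bf0e7a01ad52132c7e9e9d4101eff73aa",
    "sha512": "3c1ba39b7819020ad748bfd8bc0cca01fda5e5c7a2111ec6c034bf99e1974f27cb6a1ad7b3e26ffcfb150c447349661771fd21d54c25602ab01c1b1b43346ce1",
}
C2_HOSTS = {"94.142.138.111"}  # C2 extracted in the report
# Assumed list of legitimate IP-lookup services commonly queried by stealers.
IP_LOOKUP_HOSTS = {"api.ipify.org", "ipinfo.io", "ip-api.com",
                   "icanhazip.com", "checkip.dyndns.org", "api.myip.com"}

RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\[^\\]+$", re.I)
BLANK_PW_RE = re.compile(r"\\Control\\Lsa\\LimitBlankPasswordUse$", re.I)


def hash_bytes(data: bytes) -> dict:
    """Compute all four report digests over in-memory data."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORTED_HASHES}


def hash_file(path: str) -> dict:
    """Same digests over a file, read in 1 MiB chunks so all four are computed in one pass."""
    hashers = {name: hashlib.new(name) for name in REPORTED_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def report_mismatches(digests: dict) -> list:
    """Names of digests that differ from the report; an empty list means the same sample."""
    return [name for name, value in REPORTED_HASHES.items() if digests.get(name) != value]


def _to_int(text: str):
    """Parse registry DWORD data written as "0", "1" or "0x0"; None if not numeric."""
    try:
        return int(text, 0)
    except ValueError:
        return None


def triage_events(events) -> list:
    """Map constructed `kind|target|data` events to the report's signature names.

    A LimitBlankPasswordUse write only counts when the value is 0; 1 is the
    hardened default and is deliberately not flagged.
    """
    hits = []
    for line in events:
        kind, target, data = line.split("|", 2)
        if kind == "reg_set" and RUN_KEY_RE.search(target):
            hits.append(("Adds Run key to start application", f"{target} = {data}"))
        elif kind == "reg_set" and BLANK_PW_RE.search(target) and _to_int(data) == 0:
            hits.append(("Allows Network login with blank passwords", f"{target} = {data}"))
        elif kind.startswith("http_") and target in C2_HOSTS:
            hits.append(("C2 contact", f"{kind} {target}{data}"))
        elif kind.startswith("http_") and target.lower() in IP_LOOKUP_HOSTS:
            hits.append(("Looks up external IP address via web service", f"{kind} {target}{data}"))
    return hits


# Constructed events, written to resemble what a sandbox would log for this sample.
SAMPLE_EVENTS = [
    r"reg_set|HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater|C:\Users\user\AppData\Roaming\svc.exe",
    r"reg_set|HKLM\SYSTEM\CurrentControlSet\Control\Lsa\LimitBlankPasswordUse|0",
    r"reg_set|HKLM\SYSTEM\CurrentControlSet\Control\Lsa\RestrictAnonymous|1",
    "http_get|api.ipify.org|/?format=json",
    "http_post|94.142.138.111|/",
    "http_get|www.microsoft.com|/",
]

if __name__ == "__main__":
    for name, evidence in triage_events(SAMPLE_EVENTS):
        print(f"[{name}] {evidence}")
```

To confirm a file on disk is this sample, call `report_mismatches(hash_file(path))` and treat any non-empty result as a different file; SSDEEP is left out because the standard library has no implementation and a fuzzy match should not be used as an identity check anyway.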

MITRE ATT&CK Enterprise v15