Extracted

• • Target

    tmp

  • Size

    115KB

  • MD5

    bfaa027a645e567824a10a26fb8dbefd

  • SHA1

    4ab52a0b1cc105a5462c2255ef84be9af431b82e

  • SHA256

    c67b6f45d0beb461838f87ca2ad4774b52d7ccf9b0fa36652e8642dc72f43302

  • SHA512

    2f7ab0e4451cfeec017ba294cfcbc6f02d85c756bebce1cf9b3c69f6c77386fe9a21897734c44f4aa32dcaf3a1b7fbaaf0c4639edab1c8961761767a656b4569

  • SSDEEP

    1536:ztCbuEYE+9z2wpuFavGmhMnDIhzZtz20tnh/:5CbuAsEFNmhMnDIhNI0tnh/

  Score

  10^/10

  blackguardpersistencespywarestealer

  • BlackGuard

    Infostealer first seen in Late 2021.

    stealerblackguard

  • Downloads MZ/PE file

  • Allows Network login with blank passwords

    Allows local user accounts with blank passwords to access device from the network.

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  behavioral1behavioral2