General

  • Target

    Free Cheat by Futuki.exe

  • Size

    7.7MB

  • Sample

    230920-pfmj5agb6w

  • MD5

    ec4d8a592f0cef1ca45d7164f717abf6

  • SHA1

    8e55d8a5d93891243fe9015c6ba9b7ae742905cc

  • SHA256

    b0fea34c8d9ff1eccca7442c49e5751c6d8e6bd3f8a8a7be104467910f4da5da

  • SHA512

    9b665f528d24ad40a3b0ddf1d81abe05117f4cb5f61f3c1b734a954dd0a2186b05925a25d5f4f6e07d9ded1ef8f5d85d33bd1be1815c8803edd5f0348b058d73

  • SSDEEP

    196608:5CBbBTGior04ePRIIf+PcQgfQbdOhp49xfEJ71Alu4YDtf:oBJGXr0pX+PcNfQN9VlluJ1

Malware Config

Extracted

Family

blackguard

C2

https://api.telegram.org/bot6570734497:AAG5YDYvg-y1YomHChhSbhTGtvPb0-LwxXQ/sendMessage?chat_id=1617567220

Targets

    • BlackGuard

      Infostealer first seen in late 2021.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks