blackguard | 0d1cae55df38fd37663fa74a1840201ea190a6d333075bf686e0475e9e354cba | Triage

Sharing

General

Target

ec333982af0977d8af5a4984792a4385.bin
Size

3.4MB
Sample

231013-emn2esfc27
MD5

96a53e93c41a69299d89b93731ee4c27
SHA1

c5a18f040606819e10898012428f04bda4c9932b
SHA256

0d1cae55df38fd37663fa74a1840201ea190a6d333075bf686e0475e9e354cba
SHA512

392b9e88fce0172a1e1647531b08756730d3002b63737bb7a436606bfb9cbd2427b8634d8968628b75e5a5ac6d900072defa43b6ba9baaaebefa295386f6e316
SSDEEP

49152:snPdjNR+oWbfnbUjRo8wH35ukH7+V5/oK/GO7EvGL3SXomZk8WOrj8r4+rzZtsym:0Fj+o4bio8wDSVJd1S7BWOo4iztZZNl2

Score

10^/10

blackguard stealer

Malware Config

Targets

- Target
  
  bde2b977cdd7c086a35825a9ba7f2307341a3917f40cc193ed316dde106a6c74.exe
- Size
  
  9.6MB
- MD5
  
  ec333982af0977d8af5a4984792a4385
- SHA1
  
  d5b7e49c6476766d45a18cdd150d0679a9529a5a
- SHA256
  
  bde2b977cdd7c086a35825a9ba7f2307341a3917f40cc193ed316dde106a6c74
- SHA512
  
  1446ecc9ca6f193796cdbaf1b9f291b85a36279659254e6cbf286dba8a0e5f233c889b459b799a0d18462f1210841a61a207f76bc90db4365a43e7d967761cfc
- SSDEEP
  
  49152:LLLjKXCrX+hMesdq40bf95X9K5NRcSJDg/u/fiGhG6E7/6bp1pBt0zKkevwN/+j:
Score

10^/10

blackguard stealer
- BlackGuard
  Infostealer first seen in Late 2021.
  stealer blackguard
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blackguardstealer

behavioral2

blackguardstealer