blackguard | eufive_20220304-191420(1) | Triage

Resubmissions

05/03/2022, 13:14

220305-qgndgsabfm 8

Sharing

Copy URL Twitter E-mail

General

Target

eufive_20220304-191420(1)
Size

2.0MB
MD5

bb5f22fc74149158b637a2bac5064ddb
SHA1

f2e45a2d4d25487260f6d18098cd0ec03759d7d9
SHA256

31c4edabd35f8a9d0695c96f21acd8787eec68b8028973470d64c4956d9f1cd1
SHA512

f6860bcaf3a57353daf3219a9f908c8afdb4360ab650cb888fadfc5ebfa00b0b12d60d39e62f3abb7c52ef46056af42d39f3274ea7f498841cd4376bc15f3ac3
SSDEEP

49152:FUceq3w+dZrYACactL1X2OCvJBb9vjyuho:HewdBOaOCvJmGo

Score

10^/10

blackguard

Malware Config

Extracted

Family

blackguard

C2

http://127.0.0.1:{0}

http://127.0.0.1:{0}/

http://185.173.157.26/

Signatures

Blackguard family
blackguard

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
eufive_20220304-191420(1)

Files

eufive_20220304-191420(1)
.exe windows:4 windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 254KB - Virtual size: 253KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ