Overview

overview

10

Static

static

3

32595ac793...74.exe

windows7-x64

10

32595ac793...74.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    32595ac79386e97e05f876c5dd2ab874

  • Size

    1.7MB

  • Sample

    231231-maydbsbbdp

  • MD5

    32595ac79386e97e05f876c5dd2ab874

  • SHA1

    c989b9d5095373707323209898e9af47d695b289

  • SHA256

    9935470ff0da61daff7361e3376f0a40401757e4d0ce6c20f07333bc6f041085

  • SHA512

    46a1592acee78ed4104bd68830f23665ac0cbbe8be1734c57d0b393b0a9daeabcfafee13f0083447a842c3578cd3d99cc18dbeb0eff3a0f0582f349b12ca068d

  • SSDEEP

    49152:RTaXfndwbmGJMZeFNOHoabDvhn0TKfurQqlnJfVWncA0xGM:RTkft2NVabD10TKfoFu50/

Score
10/10
44caliberblackguardspywarestealer

Malware Config

Extracted

Family

blackguard

C2

https://api.telegram.org/bot1780840566:AAGlajN7Tzg16_1IyBIF3IbdIk9kg_wlmYw/sendMessage?chat_id=397349583

Targets

    • Target

      32595ac79386e97e05f876c5dd2ab874

    • Size

      1.7MB

    • MD5

      32595ac79386e97e05f876c5dd2ab874

    • SHA1

      c989b9d5095373707323209898e9af47d695b289

    • SHA256

      9935470ff0da61daff7361e3376f0a40401757e4d0ce6c20f07333bc6f041085

    • SHA512

      46a1592acee78ed4104bd68830f23665ac0cbbe8be1734c57d0b393b0a9daeabcfafee13f0083447a842c3578cd3d99cc18dbeb0eff3a0f0582f349b12ca068d

    • SSDEEP

      49152:RTaXfndwbmGJMZeFNOHoabDvhn0TKfurQqlnJfVWncA0xGM:RTkft2NVabD10TKfoFu50/

    Score
    10/10
    44caliberblackguardspywarestealer

    • 44Caliber

      An open source infostealer written in C#.

      stealer44caliber

    • BlackGuard

      Infostealer first seen in Late 2021.

      stealerblackguard

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

1
T1553

Install Root Certificate

1
T1553.004

Modify Registry

1
T1112

Credential Access

Unsecured Credentials

2
T1552

Credentials In Files

2
T1552.001

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks