Behavioral task: behavioral1
Sample: v2.exe
Resource: win7-20231215-en

Behavioral task: behavioral2
Sample: v2.exe
Resource: win10v2004-20231222-en

General
Target: v2.exe
Size: 271KB
MD5: 85a93044109a70f1bb119d78966a2e4d
SHA1: 7ecf238e536cf12fa3ff3e57b984f8f147c21266
SHA256: 433b73b437ad4dd138d5a6a8cea12a4ff7bf93c2c9dc11844ab635b83638ebb8
SHA512: 30656d405995e5dfc38bd6504463b7290b72f635b6773c1d58b116ee43f3afe0d14eae118139e43448446b6a0ffa4098bbec77ff8580b8df210b32ef1f522691
SSDEEP: 6144:2mYKJMVRp9hnmy0UYU9B93YUnLbBa2X3Rb36h3oQ:tJ0Rp9hzL82ghYQ

Malware Config
Extracted
blackguard
https://api.telegram.org/bot6694446290:AAHhatGdMQTZc2j8T6IAfes0OfC6QMBYYSg/sendMessage?chat_id=6485360129
Signatures
Blackguard family
Unsigned PE (1 IoCs)
Checks for missing Authenticode signature.
resource v2.exe
Files
v2.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
  IMAGE_DLLCHARACTERISTICS_NX_COMPAT
  IMAGE_DLLCHARACTERISTICS_NO_SEH
  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
  IMAGE_FILE_EXECUTABLE_IMAGE
  IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
  _CorExeMain
Sections
.text Size: 269KB - Virtual size: 268KB
  IMAGE_SCN_CNT_CODE
  IMAGE_SCN_MEM_EXECUTE
  IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_DISCARDABLE
  IMAGE_SCN_MEM_READ