Overview

overview

10

Static

static

3

a4849cead4...fd.exe

windows7-x64

10

a4849cead4...fd.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a4849cead4dfa68295a47c5471422ffd

  • Size

    1.5MB

  • Sample

    240225-y7xnvaca6y

  • MD5

    a4849cead4dfa68295a47c5471422ffd

  • SHA1

    c6c5e9a0a3c37c583def626f9bc227c0c294fa8a

  • SHA256

    49977d7ebceb8b390b44ed50f6447ce0910c9fc73b1bfdd60eef219138d0038e

  • SHA512

    df17c9ecc176bae94aeab4bf5ec6733198e6b961baca50465bce6c2d2acf6cf070ad9b3ed4e6efa64d4beec3d5de24f0cfdcd7ac0c7bd8ddabf810cae324b4a4

  • SSDEEP

    24576:CGR2feTKmUp6t23c51lT9y+wvfH79MPxvvdvOyoldbUzkvdHXFcTjYu8AlmeX5J5:CGR2fnn/3cV8+wvzCxlvOyovbUkITjhV

Score
10/10
44caliberblackguardspywarestealer

Malware Config

Extracted

Family

blackguard

C2

https://api.telegram.org/bot1818730721:AAGgMZz8w6trwd7tHAnNbu0kJSmYFV_IvXk/sendMessage?chat_id=1610877447

Targets

    • Target

      a4849cead4dfa68295a47c5471422ffd

    • Size

      1.5MB

    • MD5

      a4849cead4dfa68295a47c5471422ffd

    • SHA1

      c6c5e9a0a3c37c583def626f9bc227c0c294fa8a

    • SHA256

      49977d7ebceb8b390b44ed50f6447ce0910c9fc73b1bfdd60eef219138d0038e

    • SHA512

      df17c9ecc176bae94aeab4bf5ec6733198e6b961baca50465bce6c2d2acf6cf070ad9b3ed4e6efa64d4beec3d5de24f0cfdcd7ac0c7bd8ddabf810cae324b4a4

    • SSDEEP

      24576:CGR2feTKmUp6t23c51lT9y+wvfH79MPxvvdvOyoldbUzkvdHXFcTjYu8AlmeX5J5:CGR2fnn/3cV8+wvzCxlvOyovbUkITjhV

    Score
    10/10
    44caliberblackguardspywarestealer

    • 44Caliber

      An open source infostealer written in C#.

      stealer44caliber

    • BlackGuard

      Infostealer first seen in Late 2021.

      stealerblackguard

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

2
T1552

Credentials In Files

2
T1552.001

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks