blackguard | bb645f9db8579e4905de3c73e4e82e2f6b897205cd850fddf89a1147eeeca401 | Triage

Sharing

General

Target

dxwebsetup.exe
Size

8.0MB
Sample

240304-vefcbagc93
MD5

9e9056c96170bbe10f6bac77e63cb33a
SHA1

fb648b3990b695a0d54f87459a92aa31d8d5da79
SHA256

bb645f9db8579e4905de3c73e4e82e2f6b897205cd850fddf89a1147eeeca401
SHA512

b65d2040728ba6af4458f7bc845eb6692e52e00d780918efab8047b204c87b4328594c4be828b9b4d1b0fa9d62b06231a462448295e78072e65695ee2aca6019
SSDEEP

196608:8AVbV6yBkRlyxZ8C/VZoyjTYmMFxUhkITUYKVz6TIdpRVqY0EZUqj:xVbgyxZ8C/Vcxu1nKVZRVfKi

Score

10^/10

blackguard stealer

Malware Config

Extracted

Family

blackguard

C2

https://api.telegram.org/bot6212779721:AAH2ucrbRMmKbad4xx6D8A7uUPm_fTJwP-Y/sendMessage?chat_id=1859600982

Targets

- Target
  
  dxwebsetup.exe
- Size
  
  8.0MB
- MD5
  
  9e9056c96170bbe10f6bac77e63cb33a
- SHA1
  
  fb648b3990b695a0d54f87459a92aa31d8d5da79
- SHA256
  
  bb645f9db8579e4905de3c73e4e82e2f6b897205cd850fddf89a1147eeeca401
- SHA512
  
  b65d2040728ba6af4458f7bc845eb6692e52e00d780918efab8047b204c87b4328594c4be828b9b4d1b0fa9d62b06231a462448295e78072e65695ee2aca6019
- SSDEEP
  
  196608:8AVbV6yBkRlyxZ8C/VZoyjTYmMFxUhkITUYKVz6TIdpRVqY0EZUqj:xVbgyxZ8C/Vcxu1nKVZRVfKi
Score

10^/10

blackguard stealer
- BlackGuard
  Infostealer first seen in Late 2021.
  stealer blackguard
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blackguardstealer

behavioral2

blackguardstealer