General
-
Target
Installer.exe
-
Size
7.7MB
-
Sample
240317-w77spscf52
-
MD5
9f4f298bcf1d208bd3ce3907cfb28480
-
SHA1
05c1cfde951306f8c6e9d484d3d88698c4419c62
-
SHA256
bf7057293d871cac087daab42daf22c1737a1df6adc7b7963989658f3b65f4cc
-
SHA512
4c763c3b6d4884f77083db5ccada59bc57803b3226294eff2ec3db8f2121ac01ee240b0e822cb090f5320ce40df545b477e323efabdbca31722731adc4b46806
-
SSDEEP
98304:Rgl47z3Aldea5a/OhtJeq+4NK+dG7M0mWZsE6+YhU+dbkh4yiMP0Q:H/wld79ht+j1M0mWZsE6+YASy10Q
Static task
static1
Behavioral task
behavioral1
Sample
Installer.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
Installer.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
blackguard
https://api.telegram.org/bot6540906397:AAG08fPgT-V7I17vtz49STaZEuwqXqKshuM/sendMessage?chat_id=5445185021
Targets
-
-
Target
Installer.exe
-
Size
7.7MB
-
MD5
9f4f298bcf1d208bd3ce3907cfb28480
-
SHA1
05c1cfde951306f8c6e9d484d3d88698c4419c62
-
SHA256
bf7057293d871cac087daab42daf22c1737a1df6adc7b7963989658f3b65f4cc
-
SHA512
4c763c3b6d4884f77083db5ccada59bc57803b3226294eff2ec3db8f2121ac01ee240b0e822cb090f5320ce40df545b477e323efabdbca31722731adc4b46806
-
SSDEEP
98304:Rgl47z3Aldea5a/OhtJeq+4NK+dG7M0mWZsE6+YhU+dbkh4yiMP0Q:H/wld79ht+j1M0mWZsE6+YASy10Q
Score10/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-