Extracted

• • Target

    VegaStealer_v2.exe

  • Size

    7.7MB

  • MD5

    9f4f298bcf1d208bd3ce3907cfb28480

  • SHA1

    05c1cfde951306f8c6e9d484d3d88698c4419c62

  • SHA256

    bf7057293d871cac087daab42daf22c1737a1df6adc7b7963989658f3b65f4cc

  • SHA512

    4c763c3b6d4884f77083db5ccada59bc57803b3226294eff2ec3db8f2121ac01ee240b0e822cb090f5320ce40df545b477e323efabdbca31722731adc4b46806

  • SSDEEP

    98304:Rgl47z3Aldea5a/OhtJeq+4NK+dG7M0mWZsE6+YhU+dbkh4yiMP0Q:H/wld79ht+j1M0mWZsE6+YASy10Q

  Score

  10^/10

  blackguardspywarestealer

  • BlackGuard

    Infostealer first seen in Late 2021.

    stealerblackguard

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  behavioral1