General

  • Target

    eb85c8d233bbc43b89d451aa8980218e_JaffaCakes118

  • Size

    416KB

  • Sample

    240410-t8glsshc7w

  • MD5

    eb85c8d233bbc43b89d451aa8980218e

  • SHA1

    e182f64c338e843fe492949ed6011a2492849013

  • SHA256

    2e1064e3bd2d37cd96495c01f326d4a543b77e38045a983e93e99a4704df206f

  • SHA512

    0173784e53521d4a789d69330e241b05cc14e7c27cb7559dc7be65296c5d27bbae4ff9c17f46878ee9654f8f05c116663cab24aa206ebe3943cda02e85bfd335

  • SSDEEP

    6144:XNqXQgfMkh5eWDbhj4uhxGdkrpNJfet3Agp0q9ygbX+1RzDU8:9qXQgUk5d44xGONJsaMJcR/V

Malware Config

Extracted

Family

blackguard

C2

https://api.telegram.org/bot1711224512:AAG22Nlr-jO4MyOqR-e8u_WyFQ4Bw7rDtVw/sendMessage?chat_id=1640241476

Targets

    • Target

      eb85c8d233bbc43b89d451aa8980218e_JaffaCakes118

    • Size

      416KB

    • MD5

      eb85c8d233bbc43b89d451aa8980218e

    • SHA1

      e182f64c338e843fe492949ed6011a2492849013

    • SHA256

      2e1064e3bd2d37cd96495c01f326d4a543b77e38045a983e93e99a4704df206f

    • SHA512

      0173784e53521d4a789d69330e241b05cc14e7c27cb7559dc7be65296c5d27bbae4ff9c17f46878ee9654f8f05c116663cab24aa206ebe3943cda02e85bfd335

    • SSDEEP

      6144:XNqXQgfMkh5eWDbhj4uhxGdkrpNJfet3Agp0q9ygbX+1RzDU8:9qXQgUk5d44xGONJsaMJcR/V

    • BlackGuard

      Infostealer first seen in Late 2021.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks