blackguard | a96e25e828ff6762d3e630a863e27ff54e53d8c5de90b7ea60f4d30facbc559d | Triage

Sharing

General

Target

ContentWarning_Fix_Repair_Steam_V4_Generic.rar
Size

10.8MB
Sample

240412-sdhd6sed7y
MD5

60b1a89cb4d614f898699eeb3f938ea2
SHA1

28ad3c6905488fe245614386619e974f02d1f49c
SHA256

a96e25e828ff6762d3e630a863e27ff54e53d8c5de90b7ea60f4d30facbc559d
SHA512

1dae5f9962a614816f3afb71d61d1edd17b2b2445bfe2a556610e04d5f52b4633228cc038841aa61603cd434c34f25ff3a9c3b6ca35e914720e777225e93932e
SSDEEP

196608:o0fNSVyH7jPkXyj2/YHQ99lYMDdObg4E5Jbwzg/hLggLjIcBD4oax:oSNS8vOyj2wHQtDdObg4IbDhLgmjDBDI

Score

10^/10

blackguard evasion trojan

Malware Config

Targets

- Target
  
  ContentWarning_Fix_Repair_Steam_V4_Generic.rar
- Size
  
  10.8MB
- MD5
  
  60b1a89cb4d614f898699eeb3f938ea2
- SHA1
  
  28ad3c6905488fe245614386619e974f02d1f49c
- SHA256
  
  a96e25e828ff6762d3e630a863e27ff54e53d8c5de90b7ea60f4d30facbc559d
- SHA512
  
  1dae5f9962a614816f3afb71d61d1edd17b2b2445bfe2a556610e04d5f52b4633228cc038841aa61603cd434c34f25ff3a9c3b6ca35e914720e777225e93932e
- SSDEEP
  
  196608:o0fNSVyH7jPkXyj2/YHQ99lYMDdObg4E5Jbwzg/hLggLjIcBD4oax:oSNS8vOyj2wHQtDdObg4IbDhLgmjDBDI
Score

6^/10
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2
- Target
  
  ContentWarning_Fix_Repair_Steam_V4_Generic/BepInEx/core/BepInEx.Preloader.dll
- Size
  
  42KB
- MD5
  
  24e30ee42802145447b474613f66c376
- SHA1
  
  096810482069885b56fa430f7dfbcb77506f086d
- SHA256
  
  9a7597d16bfc1d2564c6c1168fb077443155946b66f2041e1d1cf9548de210b2
- SHA512
  
  3cbd64478650c1093e9c778408291d9184a84b5190e2d540060faf112b68feffa2d90a2fb97e82f586b40fd85ff60c77c780adf6f867a591a3c068be3718c0bd
- SSDEEP
  
  384:2MEBj+RTLt5m7jJQNqgXnz2pxZqf3mjE7EP/QvlGM/3G3kDH0nMxbdgRwe5Lybru:vRwJxMejEAPMvGjgbVoLybr6csQp4
Score

1^/10
behavioral3 behavioral4
- Target
  
  ContentWarning_Fix_Repair_Steam_V4_Generic/Content Warning_Data/Plugins/x86_64/steam_api64.dll
- Size
  
  291KB
- MD5
  
  f3db5801dc9b75da671b39041e2e8bcf
- SHA1
  
  40d0ae44e090db49b2309fb152fbd3e11124a376
- SHA256
  
  a44e5537939ae4eebc69000589aa9b2437a667813a1657cc779198bae9b815a9
- SHA512
  
  9abeb8542ce48f3d263e9924a82cafa80b42b730636f1df6e594679482b6638997563b5d752d5505f25596a5d0e2f56f1255e4a94bb9523d47c180bc131e22f9
- SSDEEP
  
  3072:B8Y+BDOgGIWcXSEJeRhqTMdU55UuT7+7JtN3RUOj65lhTbCMTiGu2ZvJpKCZyq+g:BYPNrQheMW5vTKxRo8CgCZyqO2CM4OYS
Score

1^/10
behavioral5 behavioral6
- Target
  
  ContentWarning_Fix_Repair_Steam_V4_Generic/Custom.dll
- Size
  
  2.1MB
- MD5
  
  310120290f8cc047681f8a348ab9d851
- SHA1
  
  478b3dd155c06be474efde3ae3ffb86450f78a6d
- SHA256
  
  3ff601e0ad8c73ad433f158627fda8d58c52a983907f05ff0d83933230becf56
- SHA512
  
  c381b20d3b8fcb19a2b483f47db11401b2196c8cfef12cb613bf60513b7a1e15d4b3150a56da8516a708f845889a353607306d2751b00f5365b622d5b4422854
- SSDEEP
  
  24576:1uILGblwKgf70b6sAUmLuBUJ/KE/dFdy8goDSGIt6:1wlS0bBmQKRynqS
Score

1^/10
behavioral7 behavioral8
- Target
  
  ContentWarning_Fix_Repair_Steam_V4_Generic/OnlineFix.ini
- Size
  
  553B
- MD5
  
  38b877777ff2bdbf9c3a6cb1496b0a7a
- SHA1
  
  2dfbe9ece9f32d51e2a2487f006cc8be4f5de7a8
- SHA256
  
  c4f77eb33eb6d403d8ef5756ea9ab4380d5cc0040721928aff87a0aa4238201e
- SHA512
  
  6f812f900bf4572e6977b24d1d875adcdbe96191f2ad3f44dbcf6f9d228f48e2f127fe1187b72c11d3156f9e680cfd1fe6363b49e1f5d133d7832b93ddb5102c
Score

1^/10
behavioral10 behavioral9
- Target
  
  ContentWarning_Fix_Repair_Steam_V4_Generic/OnlineFix.url
- Size
  
  46B
- MD5
  
  59bf167dc52a52f6e45f418f8c73ffa1
- SHA1
  
  fa006950a6a971e89d4a1c23070d458a30463999
- SHA256
  
  3cb526cccccc54af4c006fff00d1f48f830d08cdd4a2f21213856065666ef38e
- SHA512
  
  00005820f0418d4a3b802de4a7055475c88d79c2ee3ebfa580b7ae66a12c6966e5b092a02dc0f40db0fd3b821ea28d4aec14d7d404ead4ea88dc54a1815ffe26
Score

6^/10

evasion trojan
- Checks whether UAC is enabled
  evasion trojan
- Legitimate hosting services abused for malware hosting/C2
behavioral11 behavioral12
- Target
  
  ContentWarning_Fix_Repair_Steam_V4_Generic/OnlineFix64.dll
- Size
  
  11.4MB
- MD5
  
  47405758b967aa564aeb20fddf06ed77
- SHA1
  
  1d9f52eedbc5f5d7df844baa0b9a9094a4c1a278
- SHA256
  
  14232bd5332d950291bc419d3dba5d8794079adfe108a3fd0688af8a01ca5e6b
- SHA512
  
  77a5b85093d797aff5a02fee74fede49dd24f736c10660167ecc49a10fca7715e5bf107e9318143858a24c8bdb93c4c8442388154ddb4290a7f7ace07df1e3ab
- SSDEEP
  
  196608:L15lPjdkENulnJCLYG+ag8WraGyI0s111IwR+QfgpjHh93OoE9KmG67os:55LkyYP8WrLyIn1uw/IzOYZ
Score

1^/10
behavioral13 behavioral14
- Target
  
  ContentWarning_Fix_Repair_Steam_V4_Generic/SteamOverlay64.dll
- Size
  
  114KB
- MD5
  
  0a5429b888c75f6525e1100e32dd2b69
- SHA1
  
  8ae224580aa0838a7b1570c79d4d8f27a1b46d19
- SHA256
  
  f784b4b85b627c7ea541bd2a90c9fc6e9736a0731707c31265aa86fe684dc2df
- SHA512
  
  5f77ac9619ccb5baebabb2e406ce265148ad18c6e1162c7d4c3a5656f38abedf90f756a829da856312689a738a3258382f37a279843bf7db0c14ac953c6992ef
- SSDEEP
  
  1536:h1iaPnCtV4+1/IGiaA7bSMhP3rOy843NxnpWJtRsWkd09dl38s6BtcBRXh4:h1iaPn5+uGi/7bpxaX43Ni3aMLJB1h
Score

1^/10
behavioral15 behavioral16
- Target
  
  ContentWarning_Fix_Repair_Steam_V4_Generic/dlllist.txt
- Size
  
  204B
- MD5
  
  88b5da9eac806f1af95b884d9649215e
- SHA1
  
  d229a8e0dda21b53af01f58584aace321d1fd5be
- SHA256
  
  2a4b92a851e6fa066803236744cf110c0f25072f4b14b67e6ad81b06952ac197
- SHA512
  
  ba74affd534fb9eb1dfb850f8d11f2fafb337536ee73b6aa1b5e0b399b92dc1533ab2e1fbc8c76f3f8d94b09631d549aba1c4026383bcabf0214cc055d2465d8
Score

1^/10
behavioral17 behavioral18
- Target
  
  ContentWarning_Fix_Repair_Steam_V4_Generic/winmm.dll
- Size
  
  512KB
- MD5
  
  e59aac558d9f9c5d1312ac24d09c51d5
- SHA1
  
  2f11c4b00f5f92d4466348f9501aa657c9bf6fa7
- SHA256
  
  ba37009eef6c041bc6d0a271c13679fb9e14a005bd7e038cee596cd4064cf8b3
- SHA512
  
  1c3b357074d62d5ca11c92d71ffdacb4a7e3d6fb17cbd4b489e5bea0032cea43650a6809388e98e4b98256b477c6b5dbd8fd2c7f4e3e08af00ef68e0ed4406d0
- SSDEEP
  
  12288:XQxOD9ZC0WKOy8zMtJKpBmpMgBNwQuQmMzWq0hNwnoAZwl:XQxOD9ZFKpB+N7JmMzWq0hNwnBZ
Score

1^/10
behavioral19 behavioral20
- Target
  
  MrPcGamer.url
- Size
  
  220B
- MD5
  
  e4de23acaa93617bbfc2aca9b9881ee5
- SHA1
  
  b1fc999c81e87b784e369e6d57fb1e7f5f302e6a
- SHA256
  
  e7429327a37047e65b366212591ca03efc9c6bd8bf3a79a465e3d42a95a42525
- SHA512
  
  a6eecda572fba2c5dc543b04a695cc27fda0c2be913660df69a8640a375fbeffba0cf7a5dbaf44e9fba6a7e7ed7886c64852ee5e843d1f3cc6ca333f67743ccc
Score

6^/10

evasion trojan
- Checks whether UAC is enabled
  evasion trojan
- Legitimate hosting services abused for malware hosting/C2
behavioral21 behavioral22
- Target
  
  README !!!.txt
- Size
  
  116B
- MD5
  
  c0b368f83f23bcfbcde0fafa9f30d741
- SHA1
  
  3e8ef72a11f537500ebae7dcdb644e57cbb5dc31
- SHA256
  
  ba314c3708c6b435e5a7fa4ae044e5e651308ac0aa3fbce58d0b3f163f101eb7
- SHA512
  
  9ca3004fcb60050a65baf0d721208d8bd10a71dbbc4b206abec121495973c1f25e405b6e2ecd0731a54d336e9ba39d9e009b40b16ddf8d992f5b10754fab61ba
Score

1^/10
behavioral23 behavioral24
- Target
  
  [Game3rb].url
- Size
  
  218B
- MD5
  
  d0d54bcdde7fce0424d072c5babaa968
- SHA1
  
  3c88909ef366d819e2e62a4984ac836e6b5e8695
- SHA256
  
  e4b38b71be0000d8085808776a25af7193d1e327054601c6ef568dd22e20b45d
- SHA512
  
  6015347e0358438cdfed8bb71b30aa6f83438d9161d2bc05c277b290ea1f40269425cef67528de52f621f6e0537dbd702d88ec6bc8e6b47f76c2f6d58b2018a2
Score

6^/10

evasion trojan
- Checks whether UAC is enabled
  evasion trojan
- Legitimate hosting services abused for malware hosting/C2
behavioral25 behavioral26

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26