blackguard | 5eecb69d92705c3bf225df3f4adc7965bd73b1c60f49bdf345cf1657a1dba84d | Triage

Submit
Reports

Overview

overview

Static

static

3

JPoint_exe..scr

windows10-2004-x64

Resubmissions

28-04-2024 22:49

240428-2rygzsbb42 10

Sharing

General

Target

JPoint_exe..Scr
Size

29.1MB
Sample

240428-2rygzsbb42
MD5

3a642521a98b0fbd81443aa9c11f17c3
SHA1

a124b3dd773c39af691a616ad36dc4df14c64dfc
SHA256

5eecb69d92705c3bf225df3f4adc7965bd73b1c60f49bdf345cf1657a1dba84d
SHA512

6c863f1c81c08573b4950fbfa210a49106d7d503a808de8e45f72cb12b326fe84c11124c83d6db59edbf164eb855fa0723d4cbd43f03d6f5a3d80b77d604a964
SSDEEP

393216:TCUjvuM6PCZZIPGRVW2GHm3pVO/Gz/goYI4qq0EyEv1B35t1is3z1fr+4fLnjUme:TCJq4uPYHWVO9oyV3n1bz1z+WHFcg

Score

10^/10

blackguard spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

JPoint_exe..scr

Resource

win10v2004-20240419-en

blackguard spyware stealer

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

blackguard

C2

https://api.telegram.org/bot6757178519:AAEAoqCn5s-kTgxcmCUqE1t4PNO8wKlQVag/sendMessage?chat_id=1328108259

Targets

- Target
  
  JPoint_exe..Scr
- Size
  
  29.1MB
- MD5
  
  3a642521a98b0fbd81443aa9c11f17c3
- SHA1
  
  a124b3dd773c39af691a616ad36dc4df14c64dfc
- SHA256
  
  5eecb69d92705c3bf225df3f4adc7965bd73b1c60f49bdf345cf1657a1dba84d
- SHA512
  
  6c863f1c81c08573b4950fbfa210a49106d7d503a808de8e45f72cb12b326fe84c11124c83d6db59edbf164eb855fa0723d4cbd43f03d6f5a3d80b77d604a964
- SSDEEP
  
  393216:TCUjvuM6PCZZIPGRVW2GHm3pVO/Gz/goYI4qq0EyEv1B35t1is3z1fr+4fLnjUme:TCJq4uPYHWVO9oyV3n1bz1z+WHFcg
Score

10^/10

blackguard spyware stealer
- BlackGuard
  Infostealer first seen in Late 2021.
  stealer blackguard
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

blackguardspywarestealer

© 2018-2024

Terms | Privacy