blackguard | 23a66b32dfa75a94036870a1dce0bfabe6b52331eb2bed02e6953b9fead97298

Sharing

Copy URL

Twitter E-mail

General

Target

TotalAV.exe
Size

68.5MB
Sample

240501-z2yvdsge61
MD5

0562dbe0c247c939fa39caf3b13a3e16
SHA1

e54078a1eea1b359089749dca32a56f33aa21a2e
SHA256

23a66b32dfa75a94036870a1dce0bfabe6b52331eb2bed02e6953b9fead97298
SHA512

68325b00062f9a57d37c1e71c10a9de40e6c32d571502cdec941a52748f9743cd0ede95bbfb447ec0e2f9725c40d7028070ffdbb7417be4cb9cefc394af282e1
SSDEEP

1572864:FE8rnomm29tWOt/JV1yNdSTSCfrK57dVaeXAaW7Dzlt0n:CKommoWOt/lyNdSTlrKJ3DwaunTc

Score

10^/10

blackguard upx

Malware Config

Targets

- Target
  
  TotalAV.exe
- Size
  
  68.5MB
- MD5
  
  0562dbe0c247c939fa39caf3b13a3e16
- SHA1
  
  e54078a1eea1b359089749dca32a56f33aa21a2e
- SHA256
  
  23a66b32dfa75a94036870a1dce0bfabe6b52331eb2bed02e6953b9fead97298
- SHA512
  
  68325b00062f9a57d37c1e71c10a9de40e6c32d571502cdec941a52748f9743cd0ede95bbfb447ec0e2f9725c40d7028070ffdbb7417be4cb9cefc394af282e1
- SSDEEP
  
  1572864:FE8rnomm29tWOt/JV1yNdSTSCfrK57dVaeXAaW7Dzlt0n:CKommoWOt/lyNdSTlrKJ3DwaunTc
Score

7^/10
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  System.ComponentModel.DataAnnotations.dll
- Size
  
  17KB
- MD5
  
  14d3ff53f3de1382e5acf61f159d2594
- SHA1
  
  87d81931987d7dd3ef406465e9c2a43db25eb260
- SHA256
  
  69aa2c14362ca7abf64ef2f1090a3b02058042f377c16fcbbd324e1d5101dabb
- SHA512
  
  dcb72b674cdef2286f2d2a90a21acdecd1841f2f9bbe6c3174746ae27723160eb54cb2f9700d4df38a4dea67c3476d58de07bf8dbfa1582fbb30d3bec4f35176
- SSDEEP
  
  384:amgfJeteGXxQceYopWudXWgTb2HRN7hL+Hj+R9zFUuev:tAlH/i0Hji9z+uev
Score

1^/10
behavioral3 behavioral4
- Target
  
  System.ComponentModel.EventBasedAsync.dll
- Size
  
  46KB
- MD5
  
  30a2477d9a175edf1145192983ae0e08
- SHA1
  
  59717a5b25cc470246289a8a1923990a08e9f9f9
- SHA256
  
  17c773dc03603dcf4491d6189a2be7e00b117ebc164d45fa459b23fc51a12ff2
- SHA512
  
  6db03f01163f0dbbbb4429257d2435be0b0aef1b19ccbfd5614657e0a55f17896863a734c0cfec17a16927d69ae18f6f5d784959aa245c0e28587b5a0309b650
- SSDEEP
  
  768:qxlOy5A7AqgfWOxrb8gt7iI/dpF/ixMnNMHji9z/aw:qxlOr7ARDxbr7lViQ4+zCw
Score

1^/10
behavioral5 behavioral6
- Target
  
  System.ComponentModel.Primitives.dll
- Size
  
  74KB
- MD5
  
  c62050b023a65b14db3adffb1593e732
- SHA1
  
  97a03772321ef4ace3645221a26974c3ec0f0cb9
- SHA256
  
  8e80a728bef6ae7a72166ece5b989baff0a6011423f5fb707460518365a0ee0d
- SHA512
  
  340062eb9d90bafcd20e9d7d6f504b7b56a5507e6a87322c5f783e6ca5983490b4c5b64687453b8b48681b30b1009f6c1488ae83be72e1ec1b592e5b907896cf
- SSDEEP
  
  1536:Ydu/dSa4Y4Y4Y4Y4Y4Y4Y4Y4Y5K63nQvOul/XxBuHg501M9F2okQPRKeV3iAVz6:Ydu/dSfqwF2oJP7VJe
Score

1^/10
behavioral7 behavioral8
- Target
  
  System.ComponentModel.TypeConverter.dll
- Size
  
  678KB
- MD5
  
  dbcfec0b3492f984ceadfca8e4da5783
- SHA1
  
  168dea2ffc790af48ddeee04ac70e4eef77df4bc
- SHA256
  
  1a99fcafca0e578570214af2fdc0f4770c3fcd556a371084d86243714b52e7fe
- SHA512
  
  d5fcb4644e0cf626b537b246c131556d6f292b1d7765765a2e48470ced26192296e003339f7ff6bdf23c9e4d538a4cb125dd1c3f638d7851a9fe16439b7ce35e
- SSDEEP
  
  12288:wEYO+ueO+ueO+ueOrBg3uNAHjiQAQBsB4lLbXE6djnytrXlnmlsvgdjUnBXkLulv:wJO+ueO+ueO+ueOHXQBfF9djnytrVnmq
Score

1^/10
behavioral10 behavioral9
- Target
  
  System.ComponentModel.dll
- Size
  
  30KB
- MD5
  
  6972a286b196cea3b21c77a37c0cd329
- SHA1
  
  bf3e9081156f9518ac46b692f55edd5e70147b6f
- SHA256
  
  0d2cd39b276ecb4072873ff5227e6e510ef130b1113acb0eb1bf46b275c0b513
- SHA512
  
  81abb2c0cbdbd06ab21adfff126d8356221db892d04dcd7d09c5052cf1199bee9e652625c7e91700b0f918cd57031476a35de8d78b1332aceb6c0fa2416d8944
- SSDEEP
  
  384:pW4X1WCnTySJXgb+MH8AAB5kHRN7LR9z3BTsT2:FYLRd9z3Bm2
Score

1^/10
behavioral11 behavioral12
- Target
  
  System.Configuration.ConfigurationManager.dll
- Size
  
  954KB
- MD5
  
  bd9add7401699079892c3f44b3201407
- SHA1
  
  6da7f395ef9874121c259ad6aff92590d792cf81
- SHA256
  
  10c1d8841d602b4bced587c399437e934161ab944625e93125297bc054d0c7e2
- SHA512
  
  77553d0271d82ce29806dcdaabc0fc365c30d5d610efe3bbe4950ede4382bef221696d9170f38355262287fccbf8e86cb709e3853ff8828ee773e13c4a550bfa
- SSDEEP
  
  12288:PlRNpU+elBfOsdV0Z8oApKK1sPTdokGH5OTNWLOdN24rtylGAAA5SbwAhZNwPuKs:Pb/YUrdAJSbwAhmXh17K6PnCFi0
Score

1^/10
behavioral13 behavioral14
- Target
  
  System.Configuration.dll
- Size
  
  19KB
- MD5
  
  798ea9943e6ac8c55c70b67035d2b48e
- SHA1
  
  2867b8c72dd5f691e8881ce8ce489249538b7da6
- SHA256
  
  fb3cd1dd4b1d5c913a974a171f40337b293f3832b221371b29a3f1b5e12483aa
- SHA512
  
  e4a7a4cb42165ce7cba163b183913859e9ba3d9e0aa4715a941a207d6243abfe4f1a1f88f3d81cba51e96aa2cb8215eeb8e1351b1ea01938ddf3ce1f534d559a
- SSDEEP
  
  384:QvjEWcuXTSv/fJNRvGZYdf3zyP/weD/YnYuAWvfNWg+Tb2HRN7iMOsWAR9zg2MT:QvjEfiDez+/ilL9z2
Score

1^/10
behavioral15 behavioral16
- Target
  
  System.Console.dll
- Size
  
  162KB
- MD5
  
  4dfdf7bfd889a6e2f167a2185f83fe18
- SHA1
  
  55b880a7317ed78e10876fbdd1f22edc14230668
- SHA256
  
  22089908983d33c7a893ccbe897ccb24e51f14c9e2fb98eb9d584ea249354c01
- SHA512
  
  bccd31bbfa75aa5675fe68c8a0501d1b62dd8ada4cb87ca0fbfa90e280ee975d6e5898381d2643e6f6a46ccb85da3b493ecee820317959ab01ce3226fde9d75d
- SSDEEP
  
  3072:SgCEfXcSzfK05n32LqVbn4NYtV/7eLfua/1URUxQr7+1uGXQTY7ucp9wwD:lXZSq/VRVg1ATisGucj/
Score

1^/10
behavioral17 behavioral18
- Target
  
  System.Core.dll
- Size
  
  23KB
- MD5
  
  7196e21711595b3c9d36196988ab6e49
- SHA1
  
  f1274b22e284e598d9d83ee781490f0dbf90de4c
- SHA256
  
  0355da32f025abea5a93591a455c41377d839365b65b497515b0213d307d0125
- SHA512
  
  81c19bae8ab11f86198dc6c7c6563ac6b8ac3951bb70ad58eb60511d2052fb2b637b9786957bd4596e6477354ecedf9a7863392982f0e248723350fb58660e3d
- SSDEEP
  
  384:ZOXNOW8q/XTBdIfVLeESnlMUBAojTpP9KdxkSW1FU1MXtz0fJmh7WXi2WrTb2HRZ:ZOXNOW8q/XTBdIfVLeESnlMUBAojTpP4
Score

1^/10
behavioral19 behavioral20
- Target
  
  System.Data.Common.dll
- Size
  
  2.7MB
- MD5
  
  a5e6418794faf04ae4c9b7eb37e2fa52
- SHA1
  
  da08753e9e3de4ede668902a98b43a04345664c3
- SHA256
  
  9064122f6ab10928fadc2e244287d0d9ca068e0b1b9a5ed65e2fb9f71ec5c47a
- SHA512
  
  1c23dea2ff770a597043658177fb3413733e244fe38bcfbe1b673fe9aa9a47c6b082fd3b82ddc52329b5b08e3f54435d37ff6c00516b32226d25ea36de702af9
- SSDEEP
  
  49152:iJbrz83SifrRXbuoYTw6Xr4Kdd/ebiBoHtk069gN4srA1:2rzn7sHg93sg
Score

1^/10
behavioral21 behavioral22
- Target
  
  System.Data.DataSetExtensions.dll
- Size
  
  15KB
- MD5
  
  2efc9b5e1e777576504af85ed6580f91
- SHA1
  
  29dafe5c28bdb7b7041bde6f1b70cb93e796d047
- SHA256
  
  ff88e0904ddee8dd1c1df50727fd8acc05fd3b6cee508f02e06afac1495e074b
- SHA512
  
  04c7837ac2e238a3e5be781895e6b99506934c8ab79303a979484d7a880caae10df107b460993d55db7f1b8150782f70ede3b089415511d374bb57c9414b0719
- SSDEEP
  
  192:WVCm3A/LKtpWaJ7WmjD3WT56Os1HnhWgN7agWfVQEl+X01k9z3ACiDFch:WVCmVtpWaJ7WmjC5kHRN7CQY+R9zv6FA
Score

1^/10
behavioral23 behavioral24
- Target
  
  System.Data.SQLite.EF6.dll
- Size
  
  201KB
- MD5
  
  5aade44cbdc252e5beaa7cb4b902c58d
- SHA1
  
  abf63997242e09a937d13365a055f13803838171
- SHA256
  
  165f99e96a4360579498eaac8682543101bde8eac271774fc0398a38c852d3cd
- SHA512
  
  9452e99d671a5dabc8a0b61dd0641969e2852a8ed079dc202f367c9e1493d0b6636ed99c14f9b50d886c03a3e7fdd69a367b72ef9581da6b7eae32afc928fe45
- SSDEEP
  
  3072:GNh7rDcCmzJzAI1dvhyJ6KP8cjJLUx7L4xV:Gb7/mV1K6KP8cp
Score

1^/10
behavioral25 behavioral26
- Target
  
  System.Data.SQLite.dll
- Size
  
  417KB
- MD5
  
  0b7b81a16678d14ef2ee32ec3fb1212e
- SHA1
  
  60d40fb1aeb34698d54062409f7340bf08250142
- SHA256
  
  e9a36502e649693e290263682dfb3f023f593445473618450d0cce2ce505dc2e
- SHA512
  
  fb38b839d802ef245ca710e9da49ffd9710b72f70942f4ec3f728b6adbcb72dfeb130fef5aeb17440e09267ef2708b47b8c313040313e81251f4c11234825d67
- SSDEEP
  
  12288:ADPeKKrekf1sVIG14FNFfcaFeFOFwcGF6cmFWc0FWc8cIcKcUFJFpcNcHc7cbch1:ADeK4qmG1iM
Score

1^/10
behavioral27 behavioral28
- Target
  
  System.Data.SqlClient.dll
- Size
  
  999KB
- MD5
  
  0aebc8e926bd1f1269e5a053b6b541dd
- SHA1
  
  b40671a4d2973a1e4d71dc674308b8883ebe58f9
- SHA256
  
  5f79c075d83904ac64510c3dc77e45980ea38b82204e39c3913531bfff78585b
- SHA512
  
  ab5d8f401f86c911de64d8083e507c63012d9ced7af32fd28414104e4c2e89305fbe09c49ebe9f1b2ae45fe1f45c9179bcfa4a2324d8da1201769faeb11f1a45
- SSDEEP
  
  12288:9SqIAB+KyECe4rnKwJyjyIcAL07LgUulGC9337lTQaf60FhFoFmF8cjcsc4FEFbZ:9SqIAB+KyECe4bNyjyIcALCgUud7lT
Score

1^/10
behavioral29 behavioral30
- Target
  
  System.Data.dll
- Size
  
  25KB
- MD5
  
  68c66600a3a671b8993616b3c86cdbff
- SHA1
  
  41f55bfc6db92e94e8e31c8ff257ff080b2246e0
- SHA256
  
  4ae7af56fb781bc188c8e9591863bcc502f4c47e9cca16aaa6cc32cc70fa33b9
- SHA512
  
  78c12b8b5fd16186c887b359f8308fda2446b41162dd4daa3e2a0dba9ff1e2dd42c274c435bc80a9d83c2fe3b4ff836d723c8acc6ea5c2f22b7c7d2494bdf3f3
- SSDEEP
  
  384:EF1WWGaq7z91Wmad2SoxDJQaLoWiXFWpTb2HRN7R+c2+Hj+R9zFz326:W1WWGaq75UmfDJQbc/iR+sHji9zx26
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32