blackguard | 23a66b32dfa75a94036870a1dce0bfabe6b52331eb2bed02e6953b9fead97298

Sharing

Copy URL

Twitter E-mail

General

Target

TotalAV.exe
Size

68.5MB
Sample

240523-n2mxcafc6t
MD5

0562dbe0c247c939fa39caf3b13a3e16
SHA1

e54078a1eea1b359089749dca32a56f33aa21a2e
SHA256

23a66b32dfa75a94036870a1dce0bfabe6b52331eb2bed02e6953b9fead97298
SHA512

68325b00062f9a57d37c1e71c10a9de40e6c32d571502cdec941a52748f9743cd0ede95bbfb447ec0e2f9725c40d7028070ffdbb7417be4cb9cefc394af282e1
SSDEEP

1572864:FE8rnomm29tWOt/JV1yNdSTSCfrK57dVaeXAaW7Dzlt0n:CKommoWOt/lyNdSTlrKJ3DwaunTc

Score

10^/10

blackguard upx

Malware Config

Targets

- Target
  
  TotalAV.exe
- Size
  
  68.5MB
- MD5
  
  0562dbe0c247c939fa39caf3b13a3e16
- SHA1
  
  e54078a1eea1b359089749dca32a56f33aa21a2e
- SHA256
  
  23a66b32dfa75a94036870a1dce0bfabe6b52331eb2bed02e6953b9fead97298
- SHA512
  
  68325b00062f9a57d37c1e71c10a9de40e6c32d571502cdec941a52748f9743cd0ede95bbfb447ec0e2f9725c40d7028070ffdbb7417be4cb9cefc394af282e1
- SSDEEP
  
  1572864:FE8rnomm29tWOt/JV1yNdSTSCfrK57dVaeXAaW7Dzlt0n:CKommoWOt/lyNdSTlrKJ3DwaunTc
Score

7^/10
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  Utilizr.dll
- Size
  
  104KB
- MD5
  
  ee9f6155e1937c9ce548edadeaa07d6c
- SHA1
  
  f5c04e3eb0c86f666d75d278d2e1461514b12b75
- SHA256
  
  92d4ab551bff486f74330083544668c6c9d0247bb6fe49789da2cb8a635b554a
- SHA512
  
  4428d8a0176f371f8a643945fcb145185030bc5af68dcce343f3757023bea09a42002fb7218dbacf252a6be0e70f64f49cc51a34c5454e496fc4142082ea800b
- SSDEEP
  
  3072:u0ZrQBrlmEFXXlsUyKlObIUF5p/MCWP/kQPEV0jxE:gBrlmCd0bIUvp/QP+VL
Score

1^/10
behavioral3 behavioral4
- Target
  
  WinRT.Runtime.dll
- Size
  
  386KB
- MD5
  
  90dc40e75c327e0fdba61db64b072b4a
- SHA1
  
  6c98267569de737a6a9d428db9075a2083dcd82e
- SHA256
  
  939bbb625de67356076bf6aeeeb3c7513c19484a2bd639dc15aa77b482916458
- SHA512
  
  ad1532edee4600a07d2722e433a4a6d1cc4e71737b51cbf4ece66cf4b8d0e2d20fb0d1b2477f07cfa35ab69271d1fb3f54357fc68941abf2271ba5a7f1a2596d
- SSDEEP
  
  6144:kAFoncBIEX4IhXDSDOyiOJPvcFVgoFjTp30N+olVY8ZjYPqNHav96iTtq7C:kAFonw5XiD1dlVYgNHav96iTtq
Score

1^/10
behavioral5 behavioral6
- Target
  
  WindowsBase.dll
- Size
  
  2.0MB
- MD5
  
  831dd8ef63eff10f1199830b71257157
- SHA1
  
  ab5d0444ae8ccb3383649686b857044c961c8c4c
- SHA256
  
  8645346985c06b23c62b69591c387d336dbfbcab17712c52ed29ca604f85df49
- SHA512
  
  2eb23f65a2e448e24734e48151649da88d4339ba900af4535c23f627a7a5d9dc6393b2579c84e906923a68b4f816e3d7dca29379673188ac2dfd0624c6f7a876
- SSDEEP
  
  24576:lpvm4FQWeE8SPvyPmuuWGOemGOa4QoAfjBvEp3+REhF4kHfq2DkHcM0We4rc6VRD:Xvm4ae7jBveOREz4agHK4pVRouSqz42
Score

1^/10
behavioral7 behavioral8
- Target
  
  WindowsFormsIntegration.dll
- Size
  
  190KB
- MD5
  
  087d917310a9355ef8ed1f55104872e9
- SHA1
  
  7a681602ec4d82f3659b750670f18aad3778d4e1
- SHA256
  
  5f14056bf15c6f4bce946d95289ad5659bb5a7f2756b0da3dc22799eccfcf2a2
- SHA512
  
  270f970fdf090173650a8b2667aeee6823609993398d352ecf3d28350a2427125f657ac9f5a1f60355bdcc8bebfa75500c97a88b851508f327df3530b34c5ae4
- SSDEEP
  
  3072:E9l1w2q3QtH5W6pyJ4GJxWjQ/pIUGOpQBdxeVJm49mwCl5qf0B9iK8aJkmsWmuUL:teZWRJxWjSpGO6wPeZUvuCF
Score

1^/10
behavioral10 behavioral9
- Target
  
  aspnetcorev2_inprocess.dll
- Size
  
  321KB
- MD5
  
  a00a6e21259a7657f0586c29d8196893
- SHA1
  
  a639635734f64f8e8fd8c3cbfc3d3ad9c7df049c
- SHA256
  
  434aba38ed2cdda2ea08469a51e7aa1c2c109ff651360bb16592db6a107748ba
- SHA512
  
  2dd4189cc71670b68ef327545563aef5cb26f09ac282668941eacad45be6850ccad80e89b5c831e8591b510ccc79db3b0ab98862c9f7e147fef08633d86c8487
- SSDEEP
  
  6144:vDTn8BgwyTd8OKxtr69fgO6HjkXpgejEM+y9WrwUN19At3wpc:vDoCwyuuoTHs2kv+vrACi
Score

3^/10
behavioral11 behavioral12
- Target
  
  bins/subinacl.exe
- Size
  
  291KB
- MD5
  
  7bd591f56af173edc8ca01bd62df6eac
- SHA1
  
  43e88cd5cee3b9c66de428c84501d8660ea0586b
- SHA256
  
  371cd9c35282843d572a3186975cc749e425fd4eeae1bb93a9b0cf20c22a9dc8
- SHA512
  
  b88d0c26a6f17d7b2d5483fc9a54002ea9fe26eabf10e5385ce4a13d81db5d7e8421d09bb5eaff453a6f5a210d547cf625fef74d209b2b5f0031621e9796366a
- SSDEEP
  
  3072:W856+Aq4WBT5TjbyfQ5d2ap3BES3l+3p7z8p5+cyIqrKMjE3g2AJX5ex4uyj0bOi:Z56+Aq4WBTWpSqXhpeEioU2UJ
Score

1^/10
behavioral13 behavioral14
- Target
  
  clretwrc.dll
- Size
  
  302KB
- MD5
  
  34e3d0f0b743ccec78a5958e5d9975bc
- SHA1
  
  d18ea570cdbc8bd517cc2b74fad7425a9d28e6f8
- SHA256
  
  6a03559809ff62cb9c892ac1dcce030c875d78a689ec36765e8effacbc87ff1b
- SHA512
  
  1f5edfd1c393924ef187a2e0c5da0cfd53b21218f60592648b321a4a64c53df474ba2a06b15b12cd8a87d3a83f8f96b72c2109d593738635271cc022654a3779
- SSDEEP
  
  1536:Vm9XpU6HFSRFiwJ1Q6aCFhglzTLX4GD0g56TCZFQqo5R8Uxxf4StTip+zX:Vm9XK6lSblhglz3IGD0gMTCPQX7f4Spb
Score

1^/10
behavioral15 behavioral16
- Target
  
  clrgc.dll
- Size
  
  419KB
- MD5
  
  83561ada2482b088a381e8cbb94a3c03
- SHA1
  
  e58d58dd3191541d449a41d8e7c9d40ae55bf519
- SHA256
  
  acd770e53d74ccbc8b2e298b4991735583ecdf1827f42d5f29664e01c0000160
- SHA512
  
  0dff4e4585f5a98046581a457f23bdcb4d91ee190344a3146746299b6f538344adb7d5b7052c0d4ac8acc8efe9d37f4c90f1511db6de8bc5c2629ca4cbabb92e
- SSDEEP
  
  6144:Ve+1tRk4BTkADXyMczeMxWNhHI8mbb7RfXcFkZ6CdaOyycTYLqmdJb9oMK9+n+la:xR+ALycMxWHInZXcFkZ6YcTO9SWe+Y8
Score

3^/10
behavioral17 behavioral18
- Target
  
  clrjit.dll
- Size
  
  1.3MB
- MD5
  
  dab01669580678e2a8a85c08db50a333
- SHA1
  
  1ec047092cfc98e34e3151964198e7e5d84c5aaa
- SHA256
  
  e1a5eb5b0ab98c2203eb5657a80530dfbfe01c4a6cd790d4f15785cdb085af0f
- SHA512
  
  1aab4c45783711a29d2e182fe7e7aeb2a0c23f967dee16203485147f50b89305bde2d704caa8abaee9ddec88013253c3d00856e9e364b02aa0ed967894af3e20
- SSDEEP
  
  24576:QND9BgKbP1rKOgnKr+neEpZy0wsrng+VatfsUV7baVsQYhRBdsGN4PtsrcOtV:6D0K5+Ogn6+neEi0weg+VatUCbasYGN3
Score

1^/10
behavioral19 behavioral20
- Target
  
  coreclr.dll
- Size
  
  4.1MB
- MD5
  
  767897093bddfb6f761bfe153a95ea90
- SHA1
  
  f86728818ae402d95126a566680d2ec78786af6c
- SHA256
  
  62013a1fe85c946e9115c29230b4b1e399eeb2ecbc173310a422b9191f472678
- SHA512
  
  6aa117444bf8645a2d48cafda53af640b832909d0bcad4f55a5c2f4ceb1fd3cadb679859590c3a8d6ce97224c9e7d13818d465557bd88ea292928266bf8d0d52
- SSDEEP
  
  98304:9fLanypbFlhYw0BKNS8UoRXDoLvhJ74/HfYaS2MsHKyzn38LEX0FU:ZLany7lhX0i/RzoLvhJ74/AaS2nHVmE7
Score

1^/10
behavioral21 behavioral22
- Target
  
  createdump.exe
- Size
  
  47KB
- MD5
  
  46eb445f7e0fc0312ec49606430bc3b6
- SHA1
  
  417408b384688a1a3fbeb0d06d3cc45ce0c434c7
- SHA256
  
  409ec259e28b8fe944b126ccf708bc1da6349e69b8ce976718ae37f70acfa68a
- SHA512
  
  9be598b51d14f1b06fb1b9f32382eaa3dc02a1f02248a952b61202bf8a24bdc4d5c762eeeab515be84029b6df6151ccd85efef5c7f0caa2fdd01bf51eb0280c7
- SSDEEP
  
  768:aIbDBksGQYHAprVjYk8J65SLfBhz8Y6tCGuHXQGe6GroCnAD7RJUS9bZOQ9zdks7:aIbDBksGQYHAprVjYxoILZhRWuHk+USD
Score

1^/10
behavioral23 behavioral24
- Target
  
  e_sqlite3.dll
- Size
  
  1.2MB
- MD5
  
  e52a4a0a6f61ec95aa51d8ffd682b72e
- SHA1
  
  6a3529c7ac873131a766415879b20925ff404b64
- SHA256
  
  7dd2e2923e9a988866d969bb5a76a9d3448a11a0f225b83c734161977db564a5
- SHA512
  
  0e91687ba8b36cc0a7019ba1bd819f538cd55649914319a074669b7a04fdc9a195d36ba1fd5eeeb6149bffdf46e6dccc6e8d4b8e1cce62aa13463f9410423883
- SSDEEP
  
  24576:yYSeKX/cFecrhg7Z1zqLSfFPHUNS/kVKEye8phGkUrjXF9IaDEE2m:yYP5rK1zl6ScgU/3EE2m
Score

3^/10
behavioral25 behavioral26
- Target
  
  grpc_csharp_ext.x86.dll
- Size
  
  9.5MB
- MD5
  
  5375b505f0463930ee8ea2254b477deb
- SHA1
  
  b114bc70840fcfd7bb60ecacffa1944f23a459ff
- SHA256
  
  f6a6b19a8ea19e51cd4fb8e120a8b3df609429193653618e56d24c5d9704e56c
- SHA512
  
  2ce74bb9cafb182e0052cefbc5b40c0cebc6df31df80df59cd1be9affab53e274d75133327903fe3d8828f09225b20d48e3e2fc58bb58a4d17f542c5d6e7f7d4
- SSDEEP
  
  98304:ht0TyUQmSCXRLO0KmlsunPzBVhgH01n/QoDD:hwQmSCB3Kmlsq1
Score

3^/10
behavioral27 behavioral28
- Target
  
  hostfxr.dll
- Size
  
  309KB
- MD5
  
  0827a73b3e611d14b04aea7afa7bb916
- SHA1
  
  f7edaaf2afa6f6807c9880ba8bfa0ecd6bc792c4
- SHA256
  
  ec76e4e93532e235e219fc02b7b9bb13512c06ae294c83de31ca8a72edcab295
- SHA512
  
  b986d26db2d261509b8de9f626863753ea6996655349450d4df144e8d406438a78b61fabf2e603d86d7f73256fb7768272a0cf13c857e785c2cb703e06439f33
- SSDEEP
  
  6144:bAsUSrJf6QPAL8Rcq9nJ/LVF2vmQjIOPES6Y7vxc593Z+/rv7biucmv+yh:bbUyJyQPALicq9nJ/LVF2/IOP9xkl0/N
Score

3^/10
behavioral29 behavioral30
- Target
  
  hostpolicy.dll
- Size
  
  325KB
- MD5
  
  8fb6202ae9ffc8268fc3d8728a0321c8
- SHA1
  
  e19eb4cf351ce4e8410b6387c5f27331c89bb7d5
- SHA256
  
  58245922c9346264ee1fe9775c5bbfda2aa6ba2bfcf0a3e61a28c8a470332829
- SHA512
  
  ba1c815315db31916b2358094292a8f858489808f4ab1dd8925a9899f9ff947987fa2b569c815c106ee99a7108c3ee1925af93536ed057ec076232018b861617
- SSDEEP
  
  6144:/w8J6YIKPctXlk6xgauBu5GeUpgASKhtAYAvbPx8RhiGs2g9cI9Y:7ILRl7Su5hU7SKhajZ8RXPOi
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32