General
- Target: PacketActivation.exe
- Size: 4.1MB
- Sample: 240611-ksgges1hnl
- MD5: 87fa0fe0593a2ef299681a633404dd7d
- SHA1: bc9013fa509f6c4ed023d9e8abc7a6e93815e6c5
- SHA256: 41f44fdc7eb02120732d137d63c0d4783c29d1776b019418ce603dbf57211fcc
- SHA512: 94e471f564bf5769f97645c8e29a7e8b9d8bffa18961709ea55e8e7bc5ca63607d0e00c0ab39a1c52cac7748827963db6a23ebd4e83dbe812fec38bc1dfac4f5
- SSDEEP: 98304:qNHUrw3RvYaqAhL8l+4gq5weeAtEkQM/BGPI4TEJeM4f19D:qFUsYaXhL6M5OEQbeZD
Tasks
- Static task: static1
- Behavioral task: behavioral1 (Sample: PacketActivation.exe, Resource: win7-20240221-en)
- Behavioral task: behavioral2 (Sample: PacketActivation.exe, Resource: win10v2004-20240508-en)
Malware Config (extracted)
- Family: blackguard
- Extracted URL: https://api.telegram.org/bot7140928156:AAEztW6njaBSBQenLVfrMSGqlfVmVwIcmu4/sendMessage?chat_id=6264855427
Score: 10/10

Signatures
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.