General

  • Target

    PacketActivation.exe

  • Size

    4.1MB

  • Sample

    240611-ksgges1hnl

  • MD5

    87fa0fe0593a2ef299681a633404dd7d

  • SHA1

    bc9013fa509f6c4ed023d9e8abc7a6e93815e6c5

  • SHA256

    41f44fdc7eb02120732d137d63c0d4783c29d1776b019418ce603dbf57211fcc

  • SHA512

    94e471f564bf5769f97645c8e29a7e8b9d8bffa18961709ea55e8e7bc5ca63607d0e00c0ab39a1c52cac7748827963db6a23ebd4e83dbe812fec38bc1dfac4f5

  • SSDEEP

    98304:qNHUrw3RvYaqAhL8l+4gq5weeAtEkQM/BGPI4TEJeM4f19D:qFUsYaXhL6M5OEQbeZD

Malware Config

Extracted

Family

blackguard

C2

https://api.telegram.org/bot7140928156:AAEztW6njaBSBQenLVfrMSGqlfVmVwIcmu4/sendMessage?chat_id=6264855427

Targets

    • Target

      PacketActivation.exe

    • Size

      4.1MB

    • MD5

      87fa0fe0593a2ef299681a633404dd7d

    • SHA1

      bc9013fa509f6c4ed023d9e8abc7a6e93815e6c5

    • SHA256

      41f44fdc7eb02120732d137d63c0d4783c29d1776b019418ce603dbf57211fcc

    • SHA512

      94e471f564bf5769f97645c8e29a7e8b9d8bffa18961709ea55e8e7bc5ca63607d0e00c0ab39a1c52cac7748827963db6a23ebd4e83dbe812fec38bc1dfac4f5

    • SSDEEP

      98304:qNHUrw3RvYaqAhL8l+4gq5weeAtEkQM/BGPI4TEJeM4f19D:qFUsYaXhL6M5OEQbeZD

    • BlackGuard

      Infostealer first seen in Late 2021.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks