General

  • Target

    7a16c2b2c3a81b375c1fb4552dd32bc2d3a84aa1d6e644cd20c07ad220c83e5f

  • Size

    396KB

  • Sample

    240617-t8t7wszenk

  • MD5

    51c1bc9607fc8496a6aa6c8613dd022a

  • SHA1

    6d2a4f6056d51ae6b6171b42cc16713c5f6bedb9

  • SHA256

    7a16c2b2c3a81b375c1fb4552dd32bc2d3a84aa1d6e644cd20c07ad220c83e5f

  • SHA512

    274b0c18c57511d46d160fe675f3d69b7fed716ec4ccb81b89ba3b751fa1f8b014416b7af2e7564fecf2f88bb27e143c1b61bd9097db30f29f689c4ad9b5002e

  • SSDEEP

    6144:bbODqpwPEuxGH6OrwX3pwzZwEq7EtE6rBpgw6Om92BUz7BJwaPEqrPlTu3q:byPPDLOrwX3pwzZwoB7M2uvfwARaq

Malware Config

Extracted

Family

blackguard

C2

https://api.telegram.org/bot6948010821:AAEJfl5iNgu_Z6rr2SH3SeV22wpex-Pltwo/sendMessage?chat_id=6841140670

Extracted

Family

sharpstealer

C2

https://api.telegram.org/bot6948010821:AAEJfl5iNgu_Z6rr2SH3SeV22wpex-Pltwo/sendMessage?chat_id=6841140670

Attributes
  • max_exfil_filesize

    1.5e+06

  • proxy_port

    168.235.103.57:3128

  • vime_world

    false

aes.plain

Targets

    • Target

      7a16c2b2c3a81b375c1fb4552dd32bc2d3a84aa1d6e644cd20c07ad220c83e5f

    • Size

      396KB

    • MD5

      51c1bc9607fc8496a6aa6c8613dd022a

    • SHA1

      6d2a4f6056d51ae6b6171b42cc16713c5f6bedb9

    • SHA256

      7a16c2b2c3a81b375c1fb4552dd32bc2d3a84aa1d6e644cd20c07ad220c83e5f

    • SHA512

      274b0c18c57511d46d160fe675f3d69b7fed716ec4ccb81b89ba3b751fa1f8b014416b7af2e7564fecf2f88bb27e143c1b61bd9097db30f29f689c4ad9b5002e

    • SSDEEP

      6144:bbODqpwPEuxGH6OrwX3pwzZwEq7EtE6rBpgw6Om92BUz7BJwaPEqrPlTu3q:byPPDLOrwX3pwzZwoB7M2uvfwARaq

    • Sharp Stealer

      Sharp Stealer is an infostealer first observed in 2024, based on Echelon and Umbral stealers.

    • Sharpstealer family

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks