blackguard | 45446f6e7551da01e6b6eca54c82f5584b34fa5b71517e2f3977939dfb0e876b

Sharing

Copy URL

Twitter E-mail

General

Target

TotalAV.exe
Size

72.1MB
Sample

240712-bv85sashqq
MD5

596d83d9360e43ebce886e6375497468
SHA1

6e280c2291bd1223c31154c91b4e919019dc7a24
SHA256

45446f6e7551da01e6b6eca54c82f5584b34fa5b71517e2f3977939dfb0e876b
SHA512

2f5897482f4e581403813894c151f11bbf7b622e5f5b5f6b724139dbda31e125183e0e49eb76c350596ec89498a123c7b70531e228f5955af35084956f925758
SSDEEP

1572864:VDaAF/pt7zg0X7whOvlU6WLC3x9etForC6nW7balgKwYJa:VD/3ucdU6WWhAi7W7GiCJa

Score

10^/10

blackguard upx

Malware Config

Targets

- Target
  
  TotalAV.exe
- Size
  
  72.1MB
- MD5
  
  596d83d9360e43ebce886e6375497468
- SHA1
  
  6e280c2291bd1223c31154c91b4e919019dc7a24
- SHA256
  
  45446f6e7551da01e6b6eca54c82f5584b34fa5b71517e2f3977939dfb0e876b
- SHA512
  
  2f5897482f4e581403813894c151f11bbf7b622e5f5b5f6b724139dbda31e125183e0e49eb76c350596ec89498a123c7b70531e228f5955af35084956f925758
- SSDEEP
  
  1572864:VDaAF/pt7zg0X7whOvlU6WLC3x9etForC6nW7balgKwYJa:VD/3ucdU6WWhAi7W7GiCJa
Score

7^/10
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  System.ComponentModel.DataAnnotations.dll
- Size
  
  16KB
- MD5
  
  90cae7aeae69a01d89f82fad004d2cf9
- SHA1
  
  d9efe98f9207896a9a2ebb94178eabea6a608c36
- SHA256
  
  6a6c2328d3f1919cbd7115bbb2f65105b0315724d931495c6279eda61917cb93
- SHA512
  
  8ec4c8951108682972c50ea0f57c528187dd124cda818e74ddf3af3bfa9735dafc7065bf8658487d92f56d4f82b93f0c06b1757af554f7d07b172ae06d0be737
- SSDEEP
  
  384:XGpmblJeIeGXxyYl8WTXWibTb2HRN77/6fR9zjgRc:XGLaf/i09zH
Score

1^/10
behavioral3 behavioral4
- Target
  
  System.ComponentModel.EventBasedAsync.dll
- Size
  
  46KB
- MD5
  
  85d20e23388d25b8955b02fab8d2c1e0
- SHA1
  
  7cda8864afa3bd85fe6be57719731ee41989849d
- SHA256
  
  98ccfbdc64490d49b5893288e7acad0831eefc015b9743b75aac146e599df9a9
- SHA512
  
  21c9a325361ba8c989b61801fb63e7ca1d5a95aaa2bb6c8fd0f3875d9104f79e8fb694b852497b008f4f9ee259468841be7e490e4df34eb816a00b0157f7e795
- SSDEEP
  
  384:bWTwWifTTZa1IdWBj/D3fM57bQfL9XkWovbJKfCvDXxO88+aEZ4jIwVQBvyW1QUg:0Dlzfw7EBWd88IVq4F/it9zO/f
Score

1^/10
behavioral5 behavioral6
- Target
  
  System.ComponentModel.Primitives.dll
- Size
  
  74KB
- MD5
  
  66038cd6411961e8de7f43ac5bfdb28d
- SHA1
  
  71d00e6e5bbd4962305a2eddfc824cd6e58883ee
- SHA256
  
  47db3189335fa63213c955cbe5b23016a2193ecab410ac3553b2f0363a13eef8
- SHA512
  
  d5dfe197fb9072bf8d86ebd2128551cc4f268ca6fffc3241b9e2882d5ec43bdd9fd9efcd94c22f2d7d1df9a22782fd54aa21ad6905eb76550194cda4faef55ad
- SSDEEP
  
  1536:Jswg/p4WaQgo2i8dYRmmb4dlI79ZvD2ols2+xetj8iF2z6M:Jswg/p4vYj79xD2om2+xlWM
Score

1^/10
behavioral7 behavioral8
- Target
  
  System.ComponentModel.TypeConverter.dll
- Size
  
  670KB
- MD5
  
  b2b20f486bce77aea4acdc0195d56c46
- SHA1
  
  78d478807584b76f5a83d7ba6dd65aed608a0b95
- SHA256
  
  d6a0dd732563d4d2e9af1399fbb30a6799b48289106bc5535a399d750d02b7ec
- SHA512
  
  5e3983604d498ef09b8f4db58c4bfdfd16ca44270c5611c3ceb0e059803869e30f008aec2f4d6a76e91683f56dab600205f746064c1c64c20fe142c93d777adc
- SSDEEP
  
  12288:F0LVBGq3r2i++kwEHebAllWw6bq+YDMpBiXxDwDgSsr+lJDAr5chv90:azGqi7+kwEHebA5SRyMpBizSsrUQ5Qa
Score

1^/10
behavioral10 behavioral9
- Target
  
  System.ComponentModel.dll
- Size
  
  30KB
- MD5
  
  c50993dbe2b5d99e599e673921d9001c
- SHA1
  
  edbbb19d5f322263cab868fd3bcb5486bedafd8d
- SHA256
  
  ed59bfc1b42d9f3072dbfc0c6c87f9ee5013015cadfe8858ea466876ff5c0c9a
- SHA512
  
  20f810ac86d2e51cde85dbf571bd2558b711efe3ca873ab34f34e27882bee3019ee2cf81094fbd3087cb492eaad080ab2ee8561b8405ae9c44e7f8a56ebed815
- SSDEEP
  
  384:MWz1WiYqMyb7+hN0ACq45kHRN7ny49R9zeTLr:ZgNldny69zELr
Score

1^/10
behavioral11 behavioral12
- Target
  
  System.Configuration.ConfigurationManager.dll
- Size
  
  942KB
- MD5
  
  297eb82602c2b3646acbb82ce8548540
- SHA1
  
  86f135f81ca2aa6c7217f9443506bf176aaae1d6
- SHA256
  
  cf2546b54265efad00c233b7c73d7b0121576308ef9e35ea6eb10c8727cc24bb
- SHA512
  
  a38d9380eea3403578eedcbd7b882feb9ccaef7463ba3fd3dd728f557a8f93d3823bbe9fc3649cf6e9ff6da961ce82f7209a946f6cb10fc7585e1ec9bc6618dc
- SSDEEP
  
  12288:rGvbfOsdV0Z8oApKK1sPTdokGH5OTNWLOdN2wi3k0nM64/3ABjiqPA5xwqaYp3pg:rZaNm/3gG7Va2/nZ6j9pCFgfIooKp
Score

1^/10
behavioral13 behavioral14
- Target
  
  System.Configuration.dll
- Size
  
  19KB
- MD5
  
  e1bc2d8c7ca716b7ecec4a50dd9e10ed
- SHA1
  
  225b7d896f156716055c9ae2ac8525dfb10ed755
- SHA256
  
  1c84a54b1c629e278fd72f600b27d3675b32fc5f0759118c21196ae13641466d
- SHA512
  
  73576fdc098d61df76f3231a6150ff70cd20b59c3925164de09ecb987c7aac936e6f2cb4c3e7d56a17bda3fa1449539decebfced39fdc04f77a9274f970509eb
- SSDEEP
  
  384:4MXTSv/fUNRvGZYdf3zyP/weY+rHsWcNWiATb2HRN7W9R9zFHpe:jQYlO/i29z6
Score

1^/10
behavioral15 behavioral16
- Target
  
  System.Console.dll
- Size
  
  154KB
- MD5
  
  9b18a6627b27d2aadad0d7b2dc42414d
- SHA1
  
  eb96a2e1ffa11dd3167fcabe69c4768e514dde95
- SHA256
  
  79815e1044ac3f10597a9014d07b2c5aa5a2b7e7da0299843e3ef1bae5a5b7f4
- SHA512
  
  9cb0bcbd3b63c470101a2e91b85c918ca25fa06ea07242f33141a42d9463882c86277820ec6658bfedb55098304f5f9c0a967498619c4df20923973656c7c5b6
- SSDEEP
  
  3072:AoO/mX67cJR50QAuetvH7ARZvcKZF4fJXtq3:1X67cJR505b2ZvcKeh+
Score

1^/10
behavioral17 behavioral18
- Target
  
  System.Core.dll
- Size
  
  23KB
- MD5
  
  3c0d1372b4e42ffba7c4ebd1a9eda2f6
- SHA1
  
  f99a3f3223425c064f2d136c67a21317cb592e4a
- SHA256
  
  4598a1338d54bdbf2f46bd0a9b745d828548a3b79ba94ff2fc0d7d2390436264
- SHA512
  
  0f719a273d25295df89203527ed5f627ff97e34437b5f84c8401b76cd961675eac4ed2daf48a62e55b6dd6b6e4c9cbc7d34e72b5df7c9519e1326011379b372c
- SSDEEP
  
  384:vS9H4Ay0l9Jr3OzFPhoact/iKMePLexkrW1rU1ZXtW5BEDWN2WitTb2HRN7ESR94:69H4Ay0l9Jr34FPhoact/iKMePLAxiwe
Score

1^/10
behavioral19 behavioral20
- Target
  
  System.Data.Common.dll
- Size
  
  2.5MB
- MD5
  
  d5f0d1298b05b963f7940f7e7134ad2b
- SHA1
  
  f8c85d1f24c4603cba29a32d5350640bf4461144
- SHA256
  
  aca22c0b307c85a55291d8b11b5227c5c238171c4ca68f66441f9ca1d0e7942f
- SHA512
  
  34320a7ba07a30192557e1e5e7965a7a3f463518b735edc3fe79bb29128f21c70c7c93d94acd0e1cb6ea1c7c65761f747b9c2412d2dbf3502aa50a5c8ca5fac3
- SSDEEP
  
  49152:BLC7Wo3BjTBKRxy/yiNg9cb8mL1ei0L08Rs85hBhJWBjHbkZe:B0q9cb8mL1ei0L08RseWVHYZe
Score

1^/10
behavioral21 behavioral22
- Target
  
  System.Data.DataSetExtensions.dll
- Size
  
  15KB
- MD5
  
  a70183ea769381fc761341d879036c70
- SHA1
  
  725928cca9f011516cf1003397f28b3c641f96d2
- SHA256
  
  6dbf4cf528f85bc5fb2898b7dbf2de2a93dbd52d0dfc0fd7d1072ccc0c55867e
- SHA512
  
  dcc84897e0857c951ba4807ff8c2a7e1bd0c9b165287f2fbe5b28a150be466ea117799b6149a0757134d78ff62e8b055f7a91f515aa04660326fe5f83254d1f3
- SSDEEP
  
  192:CmoSF/eySW77WiBuWXebPpUNTQHnhWgN7acWB+z5NVAv+cQ0GX01k9z3ApyBE4nN:ZoxW77WiBTb2HRN7yq5NbZR9z3E4n17
Score

1^/10
behavioral23 behavioral24
- Target
  
  System.Data.SQLite.EF6.dll
- Size
  
  201KB
- MD5
  
  5aade44cbdc252e5beaa7cb4b902c58d
- SHA1
  
  abf63997242e09a937d13365a055f13803838171
- SHA256
  
  165f99e96a4360579498eaac8682543101bde8eac271774fc0398a38c852d3cd
- SHA512
  
  9452e99d671a5dabc8a0b61dd0641969e2852a8ed079dc202f367c9e1493d0b6636ed99c14f9b50d886c03a3e7fdd69a367b72ef9581da6b7eae32afc928fe45
- SSDEEP
  
  3072:GNh7rDcCmzJzAI1dvhyJ6KP8cjJLUx7L4xV:Gb7/mV1K6KP8cp
Score

1^/10
behavioral25 behavioral26
- Target
  
  System.Data.SQLite.dll
- Size
  
  417KB
- MD5
  
  0b7b81a16678d14ef2ee32ec3fb1212e
- SHA1
  
  60d40fb1aeb34698d54062409f7340bf08250142
- SHA256
  
  e9a36502e649693e290263682dfb3f023f593445473618450d0cce2ce505dc2e
- SHA512
  
  fb38b839d802ef245ca710e9da49ffd9710b72f70942f4ec3f728b6adbcb72dfeb130fef5aeb17440e09267ef2708b47b8c313040313e81251f4c11234825d67
- SSDEEP
  
  12288:ADPeKKrekf1sVIG14FNFfcaFeFOFwcGF6cmFWc0FWc8cIcKcUFJFpcNcHc7cbch1:ADeK4qmG1iM
Score

1^/10
behavioral27 behavioral28
- Target
  
  System.Data.SqlClient.dll
- Size
  
  999KB
- MD5
  
  0aebc8e926bd1f1269e5a053b6b541dd
- SHA1
  
  b40671a4d2973a1e4d71dc674308b8883ebe58f9
- SHA256
  
  5f79c075d83904ac64510c3dc77e45980ea38b82204e39c3913531bfff78585b
- SHA512
  
  ab5d8f401f86c911de64d8083e507c63012d9ced7af32fd28414104e4c2e89305fbe09c49ebe9f1b2ae45fe1f45c9179bcfa4a2324d8da1201769faeb11f1a45
- SSDEEP
  
  12288:9SqIAB+KyECe4rnKwJyjyIcAL07LgUulGC9337lTQaf60FhFoFmF8cjcsc4FEFbZ:9SqIAB+KyECe4bNyjyIcALCgUud7lT
Score

1^/10
behavioral29 behavioral30
- Target
  
  System.Data.dll
- Size
  
  24KB
- MD5
  
  b5437ff46bfe849d72448538f858cbed
- SHA1
  
  ccf67b2cc5b138fe3a9b0b1122388a2124ba136d
- SHA256
  
  b37119e9af0133e90a42a542768f130bd7f4d0a1b90a31a4c9c3967b20d2a39f
- SHA512
  
  16cf531b355f14b33d06ed8a76d21d66f24bfdb3f7196dd2e13981ec40a82c23ce9ba1f4b41e67842eed15edcb02142e8db1e491977858d7c6e5fda39b796f03
- SSDEEP
  
  384:d/AAaFiTCmM82SuxDJQWWNFWiV5kHRN71PkP/6fR9zjgU8:5paFiTCm0DJQl259zm
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32