blackguard | 5b4e091f4ff55c2d426ca3ab68714562387fb615b820bb32dd696a150f3330cd | Triage

Sharing

General

Target

ScanGuard_Setup.exe
Size

54.8MB
Sample

240803-cc3qqatfpe
MD5

6a341a3120a8e9140076e7f07a14ac00
SHA1

93c3ef60132b89cecd1418efbfc396c7ea6ed513
SHA256

5b4e091f4ff55c2d426ca3ab68714562387fb615b820bb32dd696a150f3330cd
SHA512

e19de3685d2bd55ed67bf35044889eed56b0e02ae408d834df13b72d59b345162166bdc8348f4c01c7d850c14cc1b0b771cf5f92bb3ecd4adef427d860a93a48
SSDEEP

1572864:N4kqcnVXU29JlWMOVqvvIw7ZbN7vF6P0EVAWZZLdwa:bnVXV/lW3Vq3Ikf7vF9Bi9Sa

Score

10^/10

blackguard discovery upx

Malware Config

Targets

- Target
  
  ScanGuard_Setup.exe
- Size
  
  54.8MB
- MD5
  
  6a341a3120a8e9140076e7f07a14ac00
- SHA1
  
  93c3ef60132b89cecd1418efbfc396c7ea6ed513
- SHA256
  
  5b4e091f4ff55c2d426ca3ab68714562387fb615b820bb32dd696a150f3330cd
- SHA512
  
  e19de3685d2bd55ed67bf35044889eed56b0e02ae408d834df13b72d59b345162166bdc8348f4c01c7d850c14cc1b0b771cf5f92bb3ecd4adef427d860a93a48
- SSDEEP
  
  1572864:N4kqcnVXU29JlWMOVqvvIw7ZbN7vF6P0EVAWZZLdwa:bnVXV/lW3Vq3Ikf7vF9Bi9Sa
Score

4^/10

discovery
behavioral1 behavioral2
- Target
  
  $APPDATA/ScanGuard/updates/SAVAPI 11.0.1/aebb.dll
- Size
  
  93KB
- MD5
  
  2af40e6f90240525f8cd27961b53f2db
- SHA1
  
  5eab9dc2edef6140df6842811da9e8ae9a27cbd9
- SHA256
  
  cd6fcce8f0a2e4f832894abe41f2c4e7c0ab97b4a46eb478d085ffbb9ca36b5b
- SHA512
  
  ba80cf1f33e14d5dd3a3f96196e265d33920ac4fcc23dd3da61e192233401aad522fceea4a295628f03345ec3e43ae16542b0adcf8adcf0ee93a3f2114c2bccf
- SSDEEP
  
  1536:BwgYl1cyd7JwVYgPj73dFZEqusWhmcdhRktha4rbtqa:B4t7AYgPjfeZHhRkthaFa
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $APPDATA/ScanGuard/updates/SAVAPI 11.0.1/aecore.dll
- Size
  
  310KB
- MD5
  
  2a4261a7dde3fdfd43793ca431890f84
- SHA1
  
  8be893f9fd941dc0971498587f52228e2e9d69b0
- SHA256
  
  1eff4b5bafa7a567f756a85297733802215bd9135e627e0cc6255c65dc87ca22
- SHA512
  
  e0e584174d61387e88adb6e5a618461a71039de773666f557fd19ad4c6300d8b9bfce505b032efcfdf443ded1e97678c2e504b4e893209ffb246add683b26abf
- SSDEEP
  
  6144:xwIt+l+nab5lgF9KqSUuYM5hXLbnlaAcQkwYxhTsEaq:rtqVYF9KqSUuZhXLbnlwhTsEv
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  $APPDATA/ScanGuard/updates/SAVAPI 11.0.1/aecrypto.dll
- Size
  
  163KB
- MD5
  
  e824d826c0ebb30047aaa308fe03b6c9
- SHA1
  
  1778f29052920ddc7ef192761123013cb7f648d2
- SHA256
  
  8cb77f5fccdae7f9661b81454437928fa697a8d2c2cef8f61a3772cc766d6d10
- SHA512
  
  774111704c1d7680bce109e7fe5b2f91f415e5ff62432f8e52ba6c2a2b8986aa17c8487e0f0562818fe8d0f12af76d29965fc24a1f612eb71f149ecf60f0537a
- SSDEEP
  
  3072:YVuJFpYwK3LS25lBkL3zijjk+omocplwyew0CCNMCDLZ:GuJ43eAIEjkwdHMZ
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  $APPDATA/ScanGuard/updates/SAVAPI 11.0.1/aedroid.dll
- Size
  
  2.7MB
- MD5
  
  8facd0e1b34b24d3b7adb3b9be3375dd
- SHA1
  
  f7ac09b72c91a8c54e266b7f6b68b2e40366d026
- SHA256
  
  12bfedbe10041d39020e9a15c4cc3d4b557a7d4fffe40cf2d75caecf5f1ed1ab
- SHA512
  
  55fba8645835c69fe6e93da395de726bbcc0b3dd0049b5e4673f811cb92bc911a8bf1f6706a0922548635aa81d8aef95c3779cf827e52e70f851fa0be6a0c502
- SSDEEP
  
  49152:2bnUI0myoyI4rlfff/MtGcMnrjD4LTQXJfRI14Ka8eGAp7dp9sCais5jDY5rGjS/:OnUI0myoyI4rlfff/MtGcMnrjD4LTQXv
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  $APPDATA/ScanGuard/updates/SAVAPI 11.0.1/aeemu.dll
- Size
  
  407KB
- MD5
  
  02940a21ab69d26893bc00c064be569e
- SHA1
  
  e6eb2ba77bfa72fda91ba46924a18b8ad726f7b5
- SHA256
  
  9c9e782ac4490372119a95cac641970d805679a8aeef2ad59ee28c1a942cf5ac
- SHA512
  
  fac2069467c574b856fdb4597fb973b9a4f3fef5288b0ed0bda72136f48ffce58063ea5b251ae01216f744ec17d2c824f07593f8de885bdad123f5867510b21b
- SSDEEP
  
  6144:HC9iYUBfVOM2SO79GGphjkL1HEli3ETCmkGeqcupFRiZnlQpeIj8+u4:JfVYVFphjkpHEli3ETCaZpFdeIQy
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  $APPDATA/ScanGuard/updates/SAVAPI 11.0.1/aeexp.dll
- Size
  
  386KB
- MD5
  
  faee506a935d68524834d090cb0fc16e
- SHA1
  
  f3927c0170f15c1ad895f57aab48167781c51eff
- SHA256
  
  911d01f963ab2236e7bc977f96e84f292bef07f48f40f8927115e2b056992aa8
- SHA512
  
  5b15442e84e828425832659124398cb867a3cd70f48e85c2ae6eb2261d9f83101e148264349f05b86fc8b034af6ab5dce0579c106e0bed95a8aa656839903a53
- SSDEEP
  
  6144:TIJxzjiTLxYnFZ9YJSXAVkpzFJv+rN0QmwAdWy9kvTZceYD+Pzb8ljBUJ:sxzjiyj9s+D+rNmjYy9BeYbPUJ
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  $APPDATA/ScanGuard/updates/SAVAPI 11.0.1/aegen.dll
- Size
  
  742KB
- MD5
  
  163ea96ca0a9b9f7469dd128fe5bce04
- SHA1
  
  60f4a01001fe4ad3b2aea24ce0b535a7d863f333
- SHA256
  
  519de6c5006127a5f4174c6f6a13d87cf30a2e866bc1eb95545d67a2ec0292f2
- SHA512
  
  b088619bcb30e2f91c5ab4c6a2777a0b163e60f33ec6475a2b00d1c711f6fa86f621f8475026adf71adf3ca863911686e03cf98bf913412ac5f8e4b269fffbc1
- SSDEEP
  
  12288:dgIV1xhEHTAr7c218TOVDkAIx7RdvpkqpApOxvwwacO71fYl59y+mFTV:/lEzAr7cU8TUIAIBvpkqpApV7cy1y96b
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  $APPDATA/ScanGuard/updates/SAVAPI 11.0.1/aehelp.dll
- Size
  
  323KB
- MD5
  
  c56e6711d0c6dbb6bd7bafbde06e9c90
- SHA1
  
  872c3d8d2a54ac10c22861052498c2ef954f8004
- SHA256
  
  2c0b8af1ed85fa5ff16f87f3c58beee9fc0230594dd062913ec5ce87abacba4a
- SHA512
  
  611892b7b5a4a51fca74ee0d4d2dfa6a02ec22eda0fb9c24ff51a7f33a695a2aef3bb222763cd7ac5d0d6d5529634493fd2abd0a2c38fbbef34358700d65cb8b
- SSDEEP
  
  6144:qJcM9/q39zJguo+i6d5Pjsyb4BIdhqDiD+o9RScE72UG9zxAe:Ux09tghUZsyvPS4UG9zxJ
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  $APPDATA/ScanGuard/updates/SAVAPI 11.0.1/aeheur.dll
- Size
  
  10.9MB
- MD5
  
  d3f86394440e679a8be729c2af168169
- SHA1
  
  3c50ae00ca1c65b71f6f01c18a1507c03207df5a
- SHA256
  
  23bfdb21548d8b0da6b1d63167c44207a3fe7f613bf36406168c667bb7d0a4f5
- SHA512
  
  40abd780623276742f4ff5e89135e1223e3f7226cfb8af66f87646bcbb46c46e23eebe1a4bf3e4e0603622fb803d91d4c7f25c31283cddacc9037335a436c936
- SSDEEP
  
  98304:9/P/JUX4fQyJVTL4sxamHxu0dcSgrz/2FJEncELaq855k0rmMxzuIi5dYPnu62QX:nmN1C1Nn7
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  $APPDATA/ScanGuard/updates/SAVAPI 11.0.1/aelibinf.dll
- Size
  
  105KB
- MD5
  
  21432626c63068ee47107da801c05ffc
- SHA1
  
  1b011f00a0a01bf217c41a0f5cb7d8c0f6b7046b
- SHA256
  
  812442ad5cdaeb6dd5dff76ddc3941fb9a1a56f999aa836f8fcbf4bb9e1b488f
- SHA512
  
  1c6e973be37fbcfd2b945fbbde57afd37525aafd475b4229db8296ce48cbcffb2a092fb1d226b6f655a491535f7f2bff5139522daff92bf002304545fbeb596c
- SSDEEP
  
  3072:nA5Fh7lNUcO4WsdDKs63FgJln2qVsdP0xKMSET:PAWsddFV5Vsu8pET
Score

3^/10

discovery
behavioral21 behavioral22
- Target
  
  $APPDATA/ScanGuard/updates/SAVAPI 11.0.1/aeml.dll
- Size
  
  340KB
- MD5
  
  0de0cb670e3046e388829fdab6910a9c
- SHA1
  
  2b9daea0200fd1c442c9a3a967bf51d68f7ab80d
- SHA256
  
  537b3ea2ce48dc0cc343c1c6ce79ae5ba527b2fcddea24cadef1fc1eca8c42cc
- SHA512
  
  7e7ab02d20c3a1b8f76ce8c951570be1e719e0533ffc14970c958240a6adbe1c8ab88c826ef21083db0c74c6f83a1c9262ec6b2371b72d357bf6d5a298ba6f33
- SSDEEP
  
  3072:qsjdmLYGV1RkWeY9aN4R8kGW+JVhyTWrZy6xLqOVqrsyyP0Y:qsxmfRk4UkdGW+CqRVqrLY
Score

3^/10

discovery
behavioral23 behavioral24
- Target
  
  $APPDATA/ScanGuard/updates/SAVAPI 11.0.1/aemobile.dll
- Size
  
  369KB
- MD5
  
  b132b36c0b53839ee1c0fc8198170157
- SHA1
  
  3e7394ee8d3c4c0f36e00466fe0191ede592c01b
- SHA256
  
  3137d3d95d1caa59d349645ab8087d6b0c7cc3321873789c738553d4471143c6
- SHA512
  
  1bba22a77ceaa59c00cf0d10a7afced2161985d8baae94c9cfe0cd5171464f49c53113b4ba8a027cb727aa242a23f79c1cf19a4df821ef6ac00f7a7c2ecd155e
- SSDEEP
  
  6144:pHfeO55RAQ9JUDSzFPCMhgFaaIembdw2p52s5dEy/ZAuvGnAQyFuDlXDG:dh3RAQ9FFPRImxw2fZiy/ZAu4DU
Score

3^/10

discovery
behavioral25 behavioral26
- Target
  
  $APPDATA/ScanGuard/updates/SAVAPI 11.0.1/aeoffice.dll
- Size
  
  1.1MB
- MD5
  
  3dbd9c8da952507d0df2b46308fe83a2
- SHA1
  
  0d38ee68466f818e880680b73f5f74ca300ae629
- SHA256
  
  4a3c2f29b2ab5e78e5a1558d2ddbc564cbd4474ce4115001ba6662c143b6482a
- SHA512
  
  1e6b65fa80d95d1cb1da72b7905105f4b4fa6ee7c1fd63fdd7728a030ff42b9177e2eb0fbca1e64f44a11a253defd7bd179bc8c596fc565f3972ad89cf5c9616
- SSDEEP
  
  12288:jk1fpTUcoWP1AOSRCEL6/CJ1KVm0yjw0REYVXkVzLKt98r0:i1UcoWPBEGyKVLow1YVUVCu0
Score

3^/10

discovery
behavioral27 behavioral28
- Target
  
  $APPDATA/ScanGuard/updates/SAVAPI 11.0.1/aepack.dll
- Size
  
  863KB
- MD5
  
  26ab6a0a9b1c59a01f9b45bbc0bbc65d
- SHA1
  
  ef282c4322c361aaac6d70d0e27d4b2292de4999
- SHA256
  
  fff47393adf070bc04d044c0a939c620234881e1ad69d3776146e32d25e1f36d
- SHA512
  
  f17aca43e9f66ae21d295af5fbca5de0770ef77eb602f74ac6696aa9cf9af9884df21f9c9a98a6aa5d9ba5bbb3f9951c952d608dc3863e6a8a6a6c053639f26a
- SSDEEP
  
  24576:1oHuMoULNqpg3NV0ug3YdXIsPt5AUzp/X:mvom5NkI+UNP
Score

3^/10

discovery
behavioral29 behavioral30
- Target
  
  $APPDATA/ScanGuard/updates/SAVAPI 11.0.1/aerdl.dll
- Size
  
  1.1MB
- MD5
  
  62f7467baebb56a8beea7fffa6c4ee7c
- SHA1
  
  c13eb821d2675f110b1a38f8c0842b91edcab9b4
- SHA256
  
  d049ab67daae27ab3840730cadc5a82dfbd269b58896b9f8289324816e1680eb
- SHA512
  
  d31498bdee77fd498226d6c971dff65eeecec66811109f1a729858fee6aa92f6d1601256740417ba5abb72b4c7109eb3e69ecc7446093bebee62c559d4e7a61a
- SSDEEP
  
  24576:8lGo7gc5YfW4W2ERk7IERLQw33gAcRRbfQ:xo5d4WPR7GLhofbfQ
Score

3^/10

discovery
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32