blackguard | a759f450c9f1e6815b3dccd0ffd77e183794334eaf60ba77fb0cd7e5a7d7fdda | Triage

Resubmissions

07-08-2024 12:20

240807-ph2rtsyejj 10

Sharing

General

Target

TotalAV_Setup.exe
Size

54.9MB
Sample

240807-ph2rtsyejj
MD5

5c61b919d5e5bef168828f597bba08f7
SHA1

08dcc90278ebb0062b7ba54755c150aa4d74c52f
SHA256

a759f450c9f1e6815b3dccd0ffd77e183794334eaf60ba77fb0cd7e5a7d7fdda
SHA512

ccda69ac564e8dafb600dcabbc1e77e18513372eaba96b0d892cd0c20557516f934157b8837580c88d7eeda28db9db0fedc026a19b7a0355b80e3c80081df230
SSDEEP

1572864:05ORAgTwb7Sido1ytYZ4t4wgCVgzrZ5M6bVTacJX:BRAHSidIjwg7vhEcX

Score

10^/10

blackguard discovery upx

Malware Config

Targets

- Target
  
  TotalAV_Setup.exe
- Size
  
  54.9MB
- MD5
  
  5c61b919d5e5bef168828f597bba08f7
- SHA1
  
  08dcc90278ebb0062b7ba54755c150aa4d74c52f
- SHA256
  
  a759f450c9f1e6815b3dccd0ffd77e183794334eaf60ba77fb0cd7e5a7d7fdda
- SHA512
  
  ccda69ac564e8dafb600dcabbc1e77e18513372eaba96b0d892cd0c20557516f934157b8837580c88d7eeda28db9db0fedc026a19b7a0355b80e3c80081df230
- SSDEEP
  
  1572864:05ORAgTwb7Sido1ytYZ4t4wgCVgzrZ5M6bVTacJX:BRAHSidIjwg7vhEcX
Score

4^/10

discovery
behavioral1 behavioral2
- Target
  
  $APPDATA/TotalAV/updates/SAVAPI 8.0.1/aedroid_gwf.dat
- Size
  
  4.2MB
- MD5
  
  961a1c1e0dfb8b54019c9ccec510b3ad
- SHA1
  
  ced9c7e98809bb7506a17644144efcbf50bfd10a
- SHA256
  
  50a9af9ac743d6a7f2741a3ab39717c8c7e618630b7688dab60b57b97f840b9d
- SHA512
  
  fca12aea31d0cb3b71b73456606b91d97f6bd3366591b65191ce6edda8b6ca8d53e07da4a5a95d9242a43b2c20842dfc1f9b39bb4ddc47058afd86530bb2afe4
- SSDEEP
  
  98304:pn7ccmeV0TkXxuwIxSt/C5ytS0BLC5KjeVdL+l/wSFHiw/OGPWqxcH8U:VccJ0TkhuLx2qyt/LC5vXGYSl9nOBHh
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $APPDATA/TotalAV/updates/SAVAPI 8.0.1/aeexp_gwf.dat
- Size
  
  59KB
- MD5
  
  d68dbed2d9e81bb670e94b0b550cccdf
- SHA1
  
  edebaf42b7b772274ffbdf070d965aa585cb14f4
- SHA256
  
  2d7925f16b1b835b7265d1c04c38c599f2b25c5087a0005dec60dcd22e9f3dd7
- SHA512
  
  162c6078492870fb1712968e5cf81e99b0e16dc2c737eb56f5dac1e17a66457382d555faf2ae9096b5e0103cf79e79c629007ca2ccb80d422e424fefe3a6c734
- SSDEEP
  
  1536:lalK69DzGxZ+w0R++MOp3lH3iEZdmD4QKdTZ8bEnicyhgAj:IoGDixZ+n4+Ma1yIPQOZV9e
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  $APPDATA/TotalAV/updates/SAVAPI 8.0.1/aeheur_agen.dat
- Size
  
  1.5MB
- MD5
  
  068ac37ab32582b1ddc2b67c37d26579
- SHA1
  
  1d9242363774eabec85c40e9068ece04ac47b2ff
- SHA256
  
  5032089b644646e4e17890af77f0735e78c9b0cc98fb05506239518be42807c7
- SHA512
  
  550fd39bf1d590eeaad6a1527e4c6b72d9b266ce6b87538b834334cfebf8801be3365d941a4d61060824e13a373925b412d9502109748c08eb814c66b231c4aa
- SSDEEP
  
  24576:rrN1azun/taYrxuk3XHTx1Tx3VS2sJphZSWe1ppkaahDAAXPKCpD84IxY:PN1b/t5rE49Bx8pJFSWg2BSCYxY
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  $APPDATA/TotalAV/updates/SAVAPI 8.0.1/aeheur_gwf.dat
- Size
  
  912B
- MD5
  
  27dbb4a716dc8d87eac34a14f814dbc8
- SHA1
  
  2f3c673d444a0b996d609136d8741f6dfc47ba6a
- SHA256
  
  b90baa70bd07bc5b3573909b37a6cf4fcccc3d7c9702806c94bd843988d0ed5d
- SHA512
  
  dcfba0317f02771d40fa190e78c19fa2e178d0ffadd6b8d22da4be7f66a3e7983da2a0c14741ab9df0d9f034754c4ea758d758ec7a65c53f77f922d13648e9a5
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  $APPDATA/TotalAV/updates/SAVAPI 8.0.1/aeheur_mv.dat
- Size
  
  3.1MB
- MD5
  
  444837d881e5ee243e0d378318ea50b4
- SHA1
  
  ec1fa6999a8b297103199032527ac82de1f71730
- SHA256
  
  8623727934f3cf7bf160214e47e6f3691673d82c3035a316a8f3f6e2738ab116
- SHA512
  
  a27e2e1a5032a1198c06bfd64bb09c4ec1423ff99a43d7b05512ddd52d8da8023dd2e6ad18b1d1a881a59a49e1bf16419e42b97c119fc4164fb87dad6d9604f5
- SSDEEP
  
  24576:CXQ7NQ74StSlFGD2npLqhqi0JRh78fVNmNxrcJpMAMNbo1XeA508eY5pp2jAVkW1:FN9M2AhknQ6Bge7A51b
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  $APPDATA/TotalAV/updates/SAVAPI 8.0.1/aelidb.dat
- Size
  
  86KB
- MD5
  
  e12b4507919ef2d5b5f2b5332f7c2bb1
- SHA1
  
  4dd0c1870754a4052f9de5f09f69df3f7bae4b3d
- SHA256
  
  ca5bb2f6c93eccc1ef5a2b2aae25b4976a2ce320a52d13d74f12b65205678e53
- SHA512
  
  74a2e05077726ab00a810325d6be729c001f290977c9e4e3d81d3f4fe4398317698510a0bf5d5014625e5c740f11dc10cf004cac343cd1e4d8ab82908a0376ad
- SSDEEP
  
  1536:FO4WQ7zW+Du+XTe8+bv2OMtIW82iH5ytCHyfiaHBzPTZZXB8jirkm1l:1NzXDFjvM25o2iHMWMzPZ0ib
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  $APPDATA/TotalAV/updates/SAVAPI 8.0.1/aeoffice.dll
- Size
  
  790KB
- MD5
  
  ade1cd616758d98b6940bff8a327c719
- SHA1
  
  899e7c2ba09039056b17d2bba0ac87cd2a60c224
- SHA256
  
  1c2a0d870f46575dfece1758809ac4d7f5e37fdb945a874512f99f275c4d2bc0
- SHA512
  
  ad3249022c85851dadb717b0d1249b02eff89002004b98afa56c48b8c3d4de84a3345e0db95d387aef467bf80fb9250c9d73b580092b480bd96210e939535cd8
- SSDEEP
  
  12288:y8AvzivsdXkMME5zFVtuEDJvv01s+uUoTrTPe6sT54c:bkGvsdXdxp61s+uUoTrTPe68
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  $APPDATA/TotalAV/updates/SAVAPI 8.0.1/aeoffice_gwf.dat
- Size
  
  30KB
- MD5
  
  0c95def0894c5e5716cf7a3ecc7545a6
- SHA1
  
  51ce428514d454e7a428d57e3e050c1edad93a20
- SHA256
  
  96e2488023689abf71cf9b951548420ff3ad9d6ff37116d4279a43b5b736968b
- SHA512
  
  2884dfc79a869b3e2db3f62340dccd3cee7746852006f67a26a26a4716ec719ba196627b18ddd775655b7baf954f668e9b5229297a4b87685f087e693184b369
- SSDEEP
  
  768:y6NQXRQOmhg0jm0fbaakNk8AWdp/2cqMgMYD82ew4uT7jKq:y6NQQi0jfGakNbAGX5gP82h4Iqq
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  $APPDATA/TotalAV/updates/SAVAPI 8.0.1/aeoffice_mv.dat
- Size
  
  1KB
- MD5
  
  0ce7e54204f99ef637b05ab9d78be36e
- SHA1
  
  3641faf0e2c345e61de14d34753ed26e32e9de6e
- SHA256
  
  2b5481a0d65c9a80a708aac3cb0ab281cd601d1274caf11517d821dbcbb9b4f1
- SHA512
  
  4ac98f69f3e9895510571d4b9952f63394cf8c1e34a4cf8a44a28b1cecc1f23fbbf245e831c2bcfa801f16735e4e16e6f3158f2dce2738a9701b6e97975125a2
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  $APPDATA/TotalAV/updates/SAVAPI 8.0.1/aeset.dat
- Size
  
  3KB
- MD5
  
  4c9ed5bf916808f45ee25456f977f4b6
- SHA1
  
  bc3101b75755a91ee25b757c547c59b998deecc8
- SHA256
  
  2b897418cb59d00a89890c8c4c264ed383a24bf319b27043862ef952dee9a132
- SHA512
  
  21bdd8790afb37417119782c46c6caf6789d79fd2ed04959f546028518ba29183be6bde4fa76a8da66e1656bc9b339e3f8c0f9b46eb77c77c26fea0fcee64fb3
Score

3^/10

discovery
behavioral21 behavioral22
- Target
  
  $APPDATA/TotalAV/updates/SAVAPI 8.0.1/aevdf.dat
- Size
  
  5KB
- MD5
  
  a5061efe8e4dce49b7ac121b739e81c8
- SHA1
  
  b84a451c5ea7bb9b3ed14102341f9adff77d7d24
- SHA256
  
  4a12d2dbdea0ec6c98041ab78180e724be4ff5a441f5206a4d5b4bdf95c94963
- SHA512
  
  dff902584971d28f58129edb2179c1a552c74541b23a9abc67924c0101cc3646c1df36d1738074dc4572d79db8cf08a053a7e2b3dcb18b6c1364766ea61dd605
- SSDEEP
  
  48:IZundhvs1U9JYcLaefVx7VL3CiV+35vnBvtpm5Mf/pLt3lREyAz6OFvbewRLIMwu:IZ8E1yaSVLOPOy5Qz6YeZLct7LGSkW
Score

3^/10

discovery
behavioral23 behavioral24
- Target
  
  $APPDATA/TotalAV/updates/SAVAPI 8.0.1/avupdate-savapilib-engine.conf
- Size
  
  323B
- MD5
  
  5410d22ecaf5de79e5bc31d298b20c90
- SHA1
  
  1656b8e2ca74a4fcaad70859c113abf30a3aadaf
- SHA256
  
  5c073f2195c20ba9e30e9013f99d1461b7e12d34a3920fc96f4877c9c44ea5da
- SHA512
  
  d47edb1660d1ac5104462d8f2a52b1549814beeaa12fe30bb54350a0e10405b6fcf13dd709b25b730e590b1ada88ba0105644d32dcd7f958a0c67aaf9078101d
Score

3^/10

discovery
behavioral25 behavioral26
- Target
  
  $APPDATA/TotalAV/updates/SAVAPI 8.0.1/avupdate_msg.avr
- Size
  
  6KB
- MD5
  
  99a82442c65cb314838ccd27db19a51f
- SHA1
  
  f77a75f07695dae310e6f05816c21ecf3aa54b08
- SHA256
  
  aa245a1518edd42f88f17b943a4d128810b1d371b09ca49d1b17ca36bc4a1727
- SHA512
  
  d8a2601a049eac4237d2ed65eea4fa5a808ba3288fe5795b0235ae574dffa20b84dd39d64344e778615265621545b7ccd07943fccd9892bd94b53ea9cd401b89
- SSDEEP
  
  96:7+rz/vx3SFRuC9nNKZRllhXBpQisZ3i5hSAFCLYIFrGZk2Z+5ZDSLW2vnv13Srv7:qiFRuCJNKzRxw3i5hSAIbyrZ+7wnU7
Score

3^/10

discovery
behavioral27 behavioral28
- Target
  
  $APPDATA/TotalAV/updates/SAVAPI 8.0.1/cacert.crt
- Size
  
  5KB
- MD5
  
  9956b172b62aeb41ca988999947a488e
- SHA1
  
  199e3607abeafd168b02b062697656a847fe4de7
- SHA256
  
  c38123acd05cd0cfe4375417f766a9a465327117f5025b16e4403cfd2e07f045
- SHA512
  
  5d365e0b88a15b43bf84650f0e98bb05fd6e0257cbd73b2227bc27b94cad3086df2a65fa227ddfdf484447d91297c48800a1ed111a6bc880da53195b8657f189
- SSDEEP
  
  96:LrBwgYufFy6nfwJeMmFtBuyuCk+Plvz49wC5UnhVhdnZrYGjWwbhliiuD:HBwgY2FLfFpbunCXlv09wfnXhNZrXxfq
Score

1^/10
behavioral29 behavioral30
- Target
  
  $APPDATA/TotalAV/updates/SAVAPI 8.0.1/on_access/README
- Size
  
  526B
- MD5
  
  8c4504c84273e7ec7be437cbd723cabd
- SHA1
  
  a10fb9ed6dbaaae70116726f5c002df7ab94542d
- SHA256
  
  006380095181e4291a88e1edd5c00258cdecd1c34e9d07a54ebca0a67b621578
- SHA512
  
  5864d1a7140369857af54aa5db1437e1bcf2df127bb46f483a455f31a6950707b2a263e2911ae905cb659d4a47da4bb8f211c4df1a853525fa32d63385fa48c6
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32