blackguard | a759f450c9f1e6815b3dccd0ffd77e183794334eaf60ba77fb0cd7e5a7d7fdda | Triage

Sharing

General

Target

a759f450c9f1e6815b3dccd0ffd77e183794334eaf60ba77fb0cd7e5a7d7fdda
Size

54.9MB
Sample

240807-prb8jayeqp
MD5

5c61b919d5e5bef168828f597bba08f7
SHA1

08dcc90278ebb0062b7ba54755c150aa4d74c52f
SHA256

a759f450c9f1e6815b3dccd0ffd77e183794334eaf60ba77fb0cd7e5a7d7fdda
SHA512

ccda69ac564e8dafb600dcabbc1e77e18513372eaba96b0d892cd0c20557516f934157b8837580c88d7eeda28db9db0fedc026a19b7a0355b80e3c80081df230
SSDEEP

1572864:05ORAgTwb7Sido1ytYZ4t4wgCVgzrZ5M6bVTacJX:BRAHSidIjwg7vhEcX

Score

10^/10

blackguard discovery upx

Malware Config

Targets

- Target
  
  a759f450c9f1e6815b3dccd0ffd77e183794334eaf60ba77fb0cd7e5a7d7fdda
- Size
  
  54.9MB
- MD5
  
  5c61b919d5e5bef168828f597bba08f7
- SHA1
  
  08dcc90278ebb0062b7ba54755c150aa4d74c52f
- SHA256
  
  a759f450c9f1e6815b3dccd0ffd77e183794334eaf60ba77fb0cd7e5a7d7fdda
- SHA512
  
  ccda69ac564e8dafb600dcabbc1e77e18513372eaba96b0d892cd0c20557516f934157b8837580c88d7eeda28db9db0fedc026a19b7a0355b80e3c80081df230
- SSDEEP
  
  1572864:05ORAgTwb7Sido1ytYZ4t4wgCVgzrZ5M6bVTacJX:BRAHSidIjwg7vhEcX
Score

4^/10

discovery
behavioral1 behavioral2
- Target
  
  $APPDATA/TotalAV/updates/SAVAPI 8.0.1/aebb.dll
- Size
  
  70KB
- MD5
  
  f81983581bdb64f2b9234ad881b9c7c1
- SHA1
  
  a12e1674498d3859f5e867d1c958b3a72047bf62
- SHA256
  
  cbcf727bb8b75864509ca1c7d68d4ef51d64a18b15b3e1145f94cd50f29746cc
- SHA512
  
  03fa42f9fc249be0c2269a076ec95b50e7d323587f5b1b4325549dd010eb2500b0ef8713d1e40c99a6de89abf30a3fc8a01b2d9f77bf224b5a51b2826bb53754
- SSDEEP
  
  768:9YYeKlKHPrmWYGQvredEzQiWidVtj44H6Kd3SVI2HAK2P3hh+:3PGQvrd5LtxHZcHgKW3hh+
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $APPDATA/TotalAV/updates/SAVAPI 8.0.1/aecore.dll
- Size
  
  281KB
- MD5
  
  3aade81602e5fd66d24b28a8f4d0edf4
- SHA1
  
  023193e6b32112153ed8addbbf8c2feb7684d379
- SHA256
  
  cef4cf51942dc337a371d3487ee87e9e2e9b2c82a34fa9b81d7beecd9e56810e
- SHA512
  
  08cf9bd46da4a231675bbe7716e71dc25326d8b4238cab9be28c04895e86d27ae2430be0b94a7fbe1c61a35c9d39d2c95eea283b254eb776b8ccf655638f3a7e
- SSDEEP
  
  3072:hs7523SuHq0Qx10YXQySzjqQPel7k3hGd5WKSGAL9M+OgMTZFXGH2tLg+Vc:hLbHqhx7QhqQPKky5WKSdLOaUz7u
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  $APPDATA/TotalAV/updates/SAVAPI 8.0.1/aecrypto.dll
- Size
  
  138KB
- MD5
  
  77c7aed77a8358f1852328ba89c68e64
- SHA1
  
  597abdfa4738ee304f4bb049e822850918a5ddf1
- SHA256
  
  5ef4587c5e57c4b54c321e715907c56d73ace1ef727abf3f6ae52aed644485ef
- SHA512
  
  7156b8d0588bf43986582e853bcf29abc2d6cd03a957270e2c3d555744c1c82ac22420a0b036716cb954fd1d84fc86d35d8dc951d876d7fd2b0349ed8237a226
- SSDEEP
  
  3072:0dQdHHx1InHeIHapjcRa09MHapjcR7Rflj3owtq9dhT+LA:NdHH/IHlHap4RMHap4RbWKLA
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  $APPDATA/TotalAV/updates/SAVAPI 8.0.1/aedroid.dll
- Size
  
  2.7MB
- MD5
  
  465282f73c5bf55c9f91e01e8cca14f0
- SHA1
  
  b141c74c85e8b87591dfa883680e9588e00c5a61
- SHA256
  
  008d570142dec8cd337fe28216a122fad8e52f8eafa564729e146f1572d7a97f
- SHA512
  
  89ba2743948b5ee9cc0f375b89167d64abf5bad838777b3c179c9606df5252cca0da2830cf6c75d6a4437397dfc80c09551f6b3925a8045489652c02e6ed1645
- SSDEEP
  
  49152:jyoyI4rlfff/MtGcMnrjD4LTQXJfRI14Ka8eGAp7dp9sCais5jDY5rGjS/QzP+gv:jyoyI4rlfff/MtGcMnrjD4LTQXJfRI1h
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  $APPDATA/TotalAV/updates/SAVAPI 8.0.1/aeemu.dll
- Size
  
  411KB
- MD5
  
  a77547ea30c7e99dbf395e2135d5ee55
- SHA1
  
  2383bfff89a586aae2a4e99072b5b740d7115240
- SHA256
  
  daf4f56cffc30b604d238df30e96332dba84447399597cc7bfb94ab02cddec63
- SHA512
  
  ab99353214ee63b3d89dab90722fd4026f76959e7e96085ac93a457f53df9378bfbd35ec33bf7aaee0870d0a7b8ecff4601b5b360465a60d10591204cf953eef
- SSDEEP
  
  12288:ATDo2ZqPL80e/tkut8TNPpCXKQN7f4w8TMf5DTCi5xSfkpW+KV79mgAs3n5GPo:A/o2ZqPL80e/tkut8TNPpCXKQN7f4w8f
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  $APPDATA/TotalAV/updates/SAVAPI 8.0.1/aeexp.dll
- Size
  
  394KB
- MD5
  
  8ace5e4e409b42940145bf1859463791
- SHA1
  
  7a0ff7aad25a802f36a70f4936b699042421f52f
- SHA256
  
  5114b2b29aa5ee2e3bd8eb2c52a9f75e2749a7933f59ecdcb3898d694f015fac
- SHA512
  
  7049df679deb104110d9188de2a46ffee0ebaca5b3526c7cc66546995c5494caaed3b2152a8943de7c2a9fb5efa8f4309a7bd94390956a206b82969a221592d8
- SSDEEP
  
  6144:Yz1XwJegZMXkALf8EnDx8L+rN0QmwAdWy9kvTZceYD+Pzb8ljBg0kS:CIZ6DWL+rNmjYy9BeYbPz
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  $APPDATA/TotalAV/updates/SAVAPI 8.0.1/aegen.dll
- Size
  
  718KB
- MD5
  
  a572a2f67a845e1a6bea336ea5dad9a3
- SHA1
  
  7fc49d3d3da6f4ec047397c8a3f0097453859999
- SHA256
  
  c4d2e5f648644e85412cc619691d949c2933a74b64c190ec7df0ea5c9e7138f8
- SHA512
  
  f940adf670c3c51f17aa62bdeaf6bc5f8cd3e0b9b24b1167f6a8a63cb03573935c974688bee440b3636b7672806e63034309c13d97e5e17fceddc15fbbd00cc3
- SSDEEP
  
  12288:9JzLbloGZFABTYFuym1Fp5NqAZVmW0/dvswwtZeQ82wR1fYl59yDV:fzLbloGHABYEym1Fp5Nq6GdUwwtZeQ8H
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  $APPDATA/TotalAV/updates/SAVAPI 8.0.1/aehelp.dll
- Size
  
  295KB
- MD5
  
  4fd11be4967e66290090f0acbb402e09
- SHA1
  
  bdfe8f35e5dc8044e64850496c7f45d30327519c
- SHA256
  
  f4cca57e7310c76ee4741132e5391089f4182caa0c13dad46c2e04022fd83cad
- SHA512
  
  f9726ebace35fc1371c9eb0967bd1e834c413adbdce50815ab7d28deaf65c9170f879920ad703dcc524fde34cef8dad30818548ac4b7b04d54d11c3b9c07ce7b
- SSDEEP
  
  6144:Zg6abREzUxcSgulWoteQYMLIWlaDhDLVH:O69zPFglksadDBH
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  $APPDATA/TotalAV/updates/SAVAPI 8.0.1/aeheur.dll
- Size
  
  10.5MB
- MD5
  
  fb16fceb4abdbf6d8f1be151924fcd73
- SHA1
  
  a56c60a6efe421aea7b4710c200a79f1c353a74f
- SHA256
  
  fe0b17e2e99676be58fbdd69b3a15eb172d81cbf701e894ad1ac42773cf24b75
- SHA512
  
  08f88e9c49853a9fb42fdd7a7567c5a74c8819115fa5639facb89a5a9d7d2a215187f8a32436ca5a94f14372921944ac391998b7acf50fb33a18073c6b5bd018
- SSDEEP
  
  196608:3BhXYuuLuywlMGdXSCOeVNluvHsxicIiSRvHqPCvlgIScOW6wjNc:kfJV/OWM
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  $APPDATA/TotalAV/updates/SAVAPI 8.0.1/aelibinf.dll
- Size
  
  78KB
- MD5
  
  b871e50964730df56ba2782bcff46d97
- SHA1
  
  c50a71ed3cbd0c3a362b34d80e69260cfa67f1f8
- SHA256
  
  00da20e602fa16db217f0e947e810230bd9ddf859b902d32d9c1fde813be9f33
- SHA512
  
  478f05df9dde5950b211ab3ceb14391352114d75de3abf80070ffe569bcd7b32f930f28321b9667b72933955db2f366f03892cef130780990ef85f438019ec2a
- SSDEEP
  
  768:VVH0SGm8JSMfeHbSUSGE3MSE+RenTksudO6mlGDOtnLiG0VtnDI37XKd0YI2HAKq:VVXUeHbxv89suQlAVtDD0YHgKvghR
Score

3^/10

discovery
behavioral21 behavioral22
- Target
  
  $APPDATA/TotalAV/updates/SAVAPI 8.0.1/aeml.dll
- Size
  
  340KB
- MD5
  
  3a200d0d84eb94f86868490c0261937b
- SHA1
  
  0563dd476b1d75195c164c6752276c0efc118081
- SHA256
  
  403866092dc4390df546399ee68ced2d1d1c0394b8769ef739fa7f240cefb385
- SHA512
  
  13416e2731006107500ee4c350e59b21897d42fd8e5cce18606a098be49fc24caa14b4e886bca995962920aac120316ae9e7d53688fac30022eeb2cbbbc88e63
- SSDEEP
  
  3072:/2TTkgqzVWX1P++4VTmlY7v/uoCi+X8QAVhy4ut5xZsmiVw:+TlP+HClYb/uoCF5ACCm
Score

3^/10

discovery
behavioral23 behavioral24
- Target
  
  $APPDATA/TotalAV/updates/SAVAPI 8.0.1/aemobile.dll
- Size
  
  353KB
- MD5
  
  ae3587d21cae5d74e438ee2492f65e72
- SHA1
  
  513ee522fb8e64312e99f1cc0b224bb315178532
- SHA256
  
  5096c9ab09e878d06596a20192d9b22ae7432bc660c8f4d8a24ea5daec509baf
- SHA512
  
  862e65c9122aa3f4d3155e995f586d13a93c5ccfaed6e637f34b5847bc178b80c9da51b9d9e3c3b03d61538ead7ad7ad03ab19e94a62f420da2ac62b7ceb060f
- SSDEEP
  
  6144:8NO19B3fnj21PJQs545pFFpMvqW7yCpPi+W25La9lIgUyff:8gvnj21Px5Ewq8LslF
Score

3^/10

discovery
behavioral25 behavioral26
- Target
  
  $APPDATA/TotalAV/updates/SAVAPI 8.0.1/aeoffice.dll
- Size
  
  790KB
- MD5
  
  ade1cd616758d98b6940bff8a327c719
- SHA1
  
  899e7c2ba09039056b17d2bba0ac87cd2a60c224
- SHA256
  
  1c2a0d870f46575dfece1758809ac4d7f5e37fdb945a874512f99f275c4d2bc0
- SHA512
  
  ad3249022c85851dadb717b0d1249b02eff89002004b98afa56c48b8c3d4de84a3345e0db95d387aef467bf80fb9250c9d73b580092b480bd96210e939535cd8
- SSDEEP
  
  12288:y8AvzivsdXkMME5zFVtuEDJvv01s+uUoTrTPe6sT54c:bkGvsdXdxp61s+uUoTrTPe68
Score

3^/10

discovery
behavioral27 behavioral28
- Target
  
  $APPDATA/TotalAV/updates/SAVAPI 8.0.1/aepack.dll
- Size
  
  837KB
- MD5
  
  2d7f4f6b862c67d29f9acede3f87cf62
- SHA1
  
  cb205c9ab69ce9b11fd404c82278254e039391fd
- SHA256
  
  04936e1a579464228b0a04fe9b9808a2c94d60fd8f968261f8576ffb48ab8140
- SHA512
  
  075501cd6a482b47b03c1c113246b3d9ed109966d9d944cc32708e60c4bdeddde562921f897a952341c9106b0794685d6638bd4505340b8079e75f0ea0bd5045
- SSDEEP
  
  24576:atz1KXoXhoY6pJ1LTwV969rMB0u604dHcUKP1Y4:atBBepJ1LH9BuxK0B
Score

3^/10

discovery
behavioral29 behavioral30
- Target
  
  $APPDATA/TotalAV/updates/SAVAPI 8.0.1/aerdl.dll
- Size
  
  1.2MB
- MD5
  
  9b6b3cada9669f3b17ff9368f5f42148
- SHA1
  
  17a644be4542753bcebae09bff342c6e70e425cd
- SHA256
  
  f15ddc02864fce89707ec58b1f50ee5ab31be563da15d9d0e10c21746cb5f9cd
- SHA512
  
  3da00167dea05a34897ad17c236591b6dcb48bccd37ef2e29c52d15b8f5dd52cc53fe136129aab43ca39f2e5729746724ab9d4854cb021c298490a7c0ee5cc1d
- SSDEEP
  
  24576:amhFd3CHwCtScxrfKeDhYthlw/9X91UeF/0xR/1WoTikWa8a9gEng:2wCt2i/fmYQtDD9gEg
Score

3^/10

discovery
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32