blackguard | 43f9b61538ca97ebd0c00aceb58407e62854f0ba5e34a65c6d17dd437472c1a6 | Triage

Sharing

General

Target

DaDSS_Fix_Repair_Steam_Generic.rar
Size

10.9MB
Sample

240905-sfp7sstfqh
MD5

6aac1a89e52d817b58d90782faf22343
SHA1

8c80a2edb7cf741e70898535afb89486b02eaf97
SHA256

43f9b61538ca97ebd0c00aceb58407e62854f0ba5e34a65c6d17dd437472c1a6
SHA512

1ecfe30f96b9c3329b089bcdca634b1e06ea3e5ed6feff590a072ab8a7ba3ef8ceee33e67b85c44998579210267608795a8bc6909de010009dd21fd4669ce741
SSDEEP

196608:q/5ra/OUoJsrCJSqb5NdWuweHXdaKbUsGxnBAP+umNsttMtmrevpOXXS+vT2sQMi:4Q/2sqJVNjwmXdaGUpxnBA0yCtweR43Y

Score

10^/10

blackguard discovery evasion trojan

Malware Config

Targets

- Target
  
  DaDSS_Fix_Repair_Steam_Generic/BepInEx/core/BepInEx.Preloader.dll
- Size
  
  42KB
- MD5
  
  24e30ee42802145447b474613f66c376
- SHA1
  
  096810482069885b56fa430f7dfbcb77506f086d
- SHA256
  
  9a7597d16bfc1d2564c6c1168fb077443155946b66f2041e1d1cf9548de210b2
- SHA512
  
  3cbd64478650c1093e9c778408291d9184a84b5190e2d540060faf112b68feffa2d90a2fb97e82f586b40fd85ff60c77c780adf6f867a591a3c068be3718c0bd
- SSDEEP
  
  384:2MEBj+RTLt5m7jJQNqgXnz2pxZqf3mjE7EP/QvlGM/3G3kDH0nMxbdgRwe5Lybru:vRwJxMejEAPMvGjgbVoLybr6csQp4
Score

3^/10

discovery
behavioral1 behavioral2
- Target
  
  DaDSS_Fix_Repair_Steam_Generic/Custom.dll
- Size
  
  2.1MB
- MD5
  
  72da52bd5e01d8f227de3753dc96ba54
- SHA1
  
  80207994fa7425cafd008ea3b66cc3a32e501586
- SHA256
  
  700df0314916a5e03e46191a737d8b2f6efb938ac370b1d2d368e501daf8f408
- SHA512
  
  8c24a61faae5fbd982d40b1cc9440792904216a2b81961be5905b3c2f62288775a575bc5e1df35312f6ee1003716ef2e191e5e41aef84cb94f604ffdd4f366b6
- SSDEEP
  
  24576:+uILGblwKgf70b6sAUmLuBUJ/KE/dFdy8goDSGIt6:+wlS0bBmQKRynqS
Score

1^/10
behavioral3 behavioral4
- Target
  
  DaDSS_Fix_Repair_Steam_Generic/DDSS_Data/Plugins/x86_64/steam_api64.dll
- Size
  
  291KB
- MD5
  
  f3db5801dc9b75da671b39041e2e8bcf
- SHA1
  
  40d0ae44e090db49b2309fb152fbd3e11124a376
- SHA256
  
  a44e5537939ae4eebc69000589aa9b2437a667813a1657cc779198bae9b815a9
- SHA512
  
  9abeb8542ce48f3d263e9924a82cafa80b42b730636f1df6e594679482b6638997563b5d752d5505f25596a5d0e2f56f1255e4a94bb9523d47c180bc131e22f9
- SSDEEP
  
  3072:B8Y+BDOgGIWcXSEJeRhqTMdU55UuT7+7JtN3RUOj65lhTbCMTiGu2ZvJpKCZyq+g:BYPNrQheMW5vTKxRo8CgCZyqO2CM4OYS
Score

1^/10
behavioral5 behavioral6
- Target
  
  DaDSS_Fix_Repair_Steam_Generic/OnlineFix.url
- Size
  
  46B
- MD5
  
  59bf167dc52a52f6e45f418f8c73ffa1
- SHA1
  
  fa006950a6a971e89d4a1c23070d458a30463999
- SHA256
  
  3cb526cccccc54af4c006fff00d1f48f830d08cdd4a2f21213856065666ef38e
- SHA512
  
  00005820f0418d4a3b802de4a7055475c88d79c2ee3ebfa580b7ae66a12c6966e5b092a02dc0f40db0fd3b821ea28d4aec14d7d404ead4ea88dc54a1815ffe26
Score

6^/10

discovery evasion trojan
- Checks whether UAC is enabled
  evasion trojan
- Legitimate hosting services abused for malware hosting/C2
behavioral7 behavioral8
- Target
  
  DaDSS_Fix_Repair_Steam_Generic/OnlineFix64.dll
- Size
  
  11.5MB
- MD5
  
  8757f3d993ee2c707fd3bc2ec9ccd91a
- SHA1
  
  2ed7a354b86539818f1e841f849dc2c35ed4b500
- SHA256
  
  76a8e2d4630a8e3a6914ab35f4ba4c105943c85bcd4ee327b43a976a78fdf8ee
- SHA512
  
  606c903bd2623705e8af207d4ba4cb70a3e601fed6d91155aa7af1b26893d6aae4a4499321e2ba6d2db3493a9c58c74cd977aa01998b378793e200629ef7e983
- SSDEEP
  
  196608:Cc5tN8DOlWKZqI7x68n93H3y1dvCmlHD7CzLD4txdxlEc/HiYDxaVZ477:Cc5P8DOlWMxLnBH38CmlHD7Cz4txLBGs
Score

1^/10
behavioral10 behavioral9
- Target
  
  DaDSS_Fix_Repair_Steam_Generic/SteamOverlay64.dll
- Size
  
  114KB
- MD5
  
  0a5429b888c75f6525e1100e32dd2b69
- SHA1
  
  8ae224580aa0838a7b1570c79d4d8f27a1b46d19
- SHA256
  
  f784b4b85b627c7ea541bd2a90c9fc6e9736a0731707c31265aa86fe684dc2df
- SHA512
  
  5f77ac9619ccb5baebabb2e406ce265148ad18c6e1162c7d4c3a5656f38abedf90f756a829da856312689a738a3258382f37a279843bf7db0c14ac953c6992ef
- SSDEEP
  
  1536:h1iaPnCtV4+1/IGiaA7bSMhP3rOy843NxnpWJtRsWkd09dl38s6BtcBRXh4:h1iaPn5+uGi/7bpxaX43Ni3aMLJB1h
Score

1^/10
behavioral11 behavioral12
- Target
  
  DaDSS_Fix_Repair_Steam_Generic/winmm.dll
- Size
  
  512KB
- MD5
  
  e59aac558d9f9c5d1312ac24d09c51d5
- SHA1
  
  2f11c4b00f5f92d4466348f9501aa657c9bf6fa7
- SHA256
  
  ba37009eef6c041bc6d0a271c13679fb9e14a005bd7e038cee596cd4064cf8b3
- SHA512
  
  1c3b357074d62d5ca11c92d71ffdacb4a7e3d6fb17cbd4b489e5bea0032cea43650a6809388e98e4b98256b477c6b5dbd8fd2c7f4e3e08af00ef68e0ed4406d0
- SSDEEP
  
  12288:XQxOD9ZC0WKOy8zMtJKpBmpMgBNwQuQmMzWq0hNwnoAZwl:XQxOD9ZFKpB+N7JmMzWq0hNwnBZ
Score

1^/10
behavioral13 behavioral14

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

discoveryevasiontrojan

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14