Overview

overview

10

Static

static

10

2a6a2534c8...bN.exe

windows7-x64

10

2a6a2534c8...bN.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2a6a2534c8d79fba48aa150d4185a2b0255432f53a970796fc4e63d6cca9b3ebN

  • Size

    1004KB

  • Sample

    240930-zj5vzsycjg

  • MD5

    9a3f0849830ad918343f6c4bfba13ef0

  • SHA1

    e8a1cfc2f8a2b33892a221b0d70ec6e01ac08113

  • SHA256

    2a6a2534c8d79fba48aa150d4185a2b0255432f53a970796fc4e63d6cca9b3eb

  • SHA512

    15329c02fbe9462c0c772d349edfb5f0ae57a808af57abf5a492cb66585aed3a8fcb7ced907e967e2a786eb7c0ebfde8dbcf5cc4ea9c0b281188b6b76c538983

  • SSDEEP

    12288:HzLLd1T7rLw7j0XodWAoNovmq8bgnnntE1++3DEhOKM88FAoZW68DaiSZeQ:HznwWoYAMovF6gtETTbi3a/eQ

Score
10/10
blackguarddefense_evasionevasionexecutionimpactransomwarespywarestealer

Malware Config

Targets

    • Target

      2a6a2534c8d79fba48aa150d4185a2b0255432f53a970796fc4e63d6cca9b3ebN

    • Size

      1004KB

    • MD5

      9a3f0849830ad918343f6c4bfba13ef0

    • SHA1

      e8a1cfc2f8a2b33892a221b0d70ec6e01ac08113

    • SHA256

      2a6a2534c8d79fba48aa150d4185a2b0255432f53a970796fc4e63d6cca9b3eb

    • SHA512

      15329c02fbe9462c0c772d349edfb5f0ae57a808af57abf5a492cb66585aed3a8fcb7ced907e967e2a786eb7c0ebfde8dbcf5cc4ea9c0b281188b6b76c538983

    • SSDEEP

      12288:HzLLd1T7rLw7j0XodWAoNovmq8bgnnntE1++3DEhOKM88FAoZW68DaiSZeQ:HznwWoYAMovF6gtETTbi3a/eQ

    Score
    10/10
    blackguarddefense_evasionevasionexecutionimpactransomwarespywarestealer

    • BlackGuard

      Infostealer first seen in Late 2021.

      stealerblackguard

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

      ransomwaredefense_evasionimpactexecution

    • Modifies boot configuration data using bcdedit

      ransomwareevasion

    • Deletes backup catalog

      Uses wbadmin.exe to inhibit system recovery.

      ransomware

    • Disables Task Manager via registry modification

      evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Drops desktop.ini file(s)

    • Sets desktop wallpaper using registry

      ransomware
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks