blackguard | 8a44cd8e2c995781d12994f0de2d91ef120b41770554b7fea52b875b5f8811e2 | Triage

Sharing

General

Target

8a44cd8e2c995781d12994f0de2d91ef120b41770554b7fea52b875b5f8811e2
Size

24.2MB
Sample

241022-bd2pdazarr
MD5

a571b5d63c3f670c5203c30bb55f9114
SHA1

a8304bd829bc39677fae5252cc536307593f7541
SHA256

8a44cd8e2c995781d12994f0de2d91ef120b41770554b7fea52b875b5f8811e2
SHA512

00742c2a4498e235aba29da39956df5019339eded03edd51afdc6646446c5401a6b5b22cd3c5c2b02b9978a8474b1badb334396fc45320daf8380506937a4432
SSDEEP

196608:OkAoMwgMb5vryitQPGGYZk3CHGif40aOkrLDKbHOlGauCEkF/uzYl:Oc6Mb5vrQ+GYZTcubHOlG7kF3l

Score

10^/10

blackguard persistence privilege_escalation

Malware Config

Targets

- Target
  
  8a44cd8e2c995781d12994f0de2d91ef120b41770554b7fea52b875b5f8811e2
- Size
  
  24.2MB
- MD5
  
  a571b5d63c3f670c5203c30bb55f9114
- SHA1
  
  a8304bd829bc39677fae5252cc536307593f7541
- SHA256
  
  8a44cd8e2c995781d12994f0de2d91ef120b41770554b7fea52b875b5f8811e2
- SHA512
  
  00742c2a4498e235aba29da39956df5019339eded03edd51afdc6646446c5401a6b5b22cd3c5c2b02b9978a8474b1badb334396fc45320daf8380506937a4432
- SSDEEP
  
  196608:OkAoMwgMb5vryitQPGGYZk3CHGif40aOkrLDKbHOlGauCEkF/uzYl:Oc6Mb5vrQ+GYZTcubHOlG7kF3l
Score

7^/10

persistence privilege_escalation
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Component Object Model Hijacking

Privilege Escalation

Event Triggered Execution

Component Object Model Hijacking

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

persistenceprivilege_escalation