blackguard | 2f16279e427a4195d134a8f4eaa2bbdb1187efa912e90947baa157097d89bdf6 | Triage

Sharing

General

Target

2f16279e427a4195d134a8f4eaa2bbdb1187efa912e90947baa157097d89bdf6
Size

17.9MB
Sample

241023-bm3ysswank
MD5

a514c95f9620f1840d740ef4cb705e46
SHA1

61f35f337c2ada1f109766b5048b1c92edc52d79
SHA256

2f16279e427a4195d134a8f4eaa2bbdb1187efa912e90947baa157097d89bdf6
SHA512

548de80c34f31b3a5fa94c355813fd544cb67d46f0ab597d03a0a489393e7be64f61bddc95a667ada60c0b72800e10cbf82f379164033604cd8aaef7fe7714b4
SSDEEP

393216:8+BhUITbTGHn+viH3WgHivtW68+RTv07RPBMnkpxDLw:8MZ+nGkWgHicYwPBzM

Score

10^/10

blackguard agilenet discovery link pdf

Malware Config

Targets

- Target
  
  KTR Bilgisayar Yönetimi/KTR Bilgisayar Yönetimi.exe
- Size
  
  11.8MB
- MD5
  
  eb7c879f11b54f291ce0126d62dcf341
- SHA1
  
  a14c6530b24916eea2bd2237b790a338df6a7bea
- SHA256
  
  209f83f34903c8db51f8ea1b54c8f0093b612447d31908bac081372377d89c06
- SHA512
  
  c453c588b9f5f522ccc2f42e255f68ff38e984810def9ec4c6ee50b6407ac19df8994698120b3482dd29f3425f0e9d36afe872e0093306c804ee88c4c16ac9ce
- SSDEEP
  
  196608:CSQSap4bqiip34pkr2dY/aBcjJOBHOBIQBajMtWvoJiLE1+XgRKz89G/4ZSb0Fu5:wkqiiKpkr2dY/aBcjJOBHOBIQBajMtWb
Score

7^/10

agilenet discovery
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
behavioral1 behavioral2
- Target
  
  KTR Bilgisayar Yönetimi/Kullanım Kılavuzu.pdf
- Size
  
  764KB
- MD5
  
  2a826a713da452cab69a017133171670
- SHA1
  
  fc22d17ee8843a793571ba23d194efa00db48847
- SHA256
  
  7afbec7252a7203333afbefcfd725d8c25350ab610bb48ba0b0d60c82b5bfc78
- SHA512
  
  4067930355f7535e420a481e8c77c0a8e25892527f953960fbde8f8e3297a37c0cc5e77a277cab1a0f402a77005152aa069c109ec51eb043670772fc2ad9fec6
- SSDEEP
  
  12288:uoZT3YcNd6NEJqCtRIqc0kX5ZBWqsI1TIeKeimy7e561CSmrMtWG2DOQlnB:uoZxNd6NEsyyqc0U5ay1TIeKjeeBiMp+
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  KTR Bilgisayar Yönetimi/VirusTotal/VirusTotal.pdf
- Size
  
  149KB
- MD5
  
  b220c3823391000a26475839eb7a832b
- SHA1
  
  e6fe6bffeb5ff209ee219bde2e870599e2fc0b6b
- SHA256
  
  cea8433eb011f56b5c17a5671fda00b95a8fa2ff4c9784b45a83d7bfd321f3bb
- SHA512
  
  f08bcf95c6ef4ff8d5d2af5208a26727a8f0e41b9d6fb1034a812757b999e406a60b0f366e03aa958f12a22111e407c49d38f466cf7ec7233afdfa8341ef5d86
- SSDEEP
  
  1536:HBb+nqKSDZTpShNpsFK6ZnjaTzHvSpFVTNi6neqtR+IIpjto/ZH:hSmDSdssUjaTzHSD1VHgjOp
Score

3^/10

discovery
behavioral5 behavioral6

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

pdflinkagilenetblackguard

behavioral1

agilenetdiscovery

behavioral2

agilenetdiscovery

behavioral3

behavioral4

behavioral5

behavioral6