blackguard | 16f1f0af59778d86a29cc30f18eaaa982306e9a37089fbb68a1b980829adde8e

Analysis

max time kernel
120s
max time network
128s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
14-11-2024 01:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

16f1f0af59778d86a29cc30f18eaaa982306e9a37089fbb68a1b980829adde8e.exe
Size

5.7MB
MD5

73171a0d902aca6485a6df0f7cd57c90
SHA1

7f67a1abaf5a37f0cea9dd1baa47f86c8509e7c0
SHA256

16f1f0af59778d86a29cc30f18eaaa982306e9a37089fbb68a1b980829adde8e
SHA512

bfb97d68543c2a9235bcf77dee0e35563ab9e9e9414693877d708f497eaf0da83c14a249784e2f5e7ac3acea273692904c13c11fb9e8e895103e5e4d9c6123fc
SSDEEP

49152:jsI6i/u2fmd1oV8o2BwB2rKIHuBUbLtbeq:jsIr/u2Od1m862rVR

Score

10^/10

blackguard discovery stealer

Malware Config

Signatures

BlackGuard
Infostealer first seen in Late 2021.
stealer blackguard
Blackguard family
blackguard

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	16f1f0af59778d86a29cc30f18eaaa982306e9a37089fbb68a1b980829adde8e.exe

C:\Users\Admin\AppData\Local\Temp\16f1f0af59778d86a29cc30f18eaaa982306e9a37089fbb68a1b980829adde8e.exe
"C:\Users\Admin\AppData\Local\Temp\16f1f0af59778d86a29cc30f18eaaa982306e9a37089fbb68a1b980829adde8e.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:3020

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3020-0-0x000000007463E000-0x000000007463F000-memory.dmp

Filesize
4KB

Download
memory/3020-1-0x0000000000210000-0x00000000007CC000-memory.dmp

Filesize
5.7MB

Download
memory/3020-3-0x0000000074630000-0x0000000074D1E000-memory.dmp

Filesize
6.9MB

Download
memory/3020-4-0x0000000074630000-0x0000000074D1E000-memory.dmp

Filesize
6.9MB

Download