blackguard | 37614c2db52f02f62f91f0152dbb5f70dbb0baff9b61aeb049dd6fcbbecda6f7 | Triage

Sharing

General

Target

37614c2db52f02f62f91f0152dbb5f70dbb0baff9b61aeb049dd6fcbbecda6f7
Size

24.2MB
Sample

241205-bsfqfs1lew
MD5

264d0eda98123495dd29cc072ed7e960
SHA1

e0b233e06058837d85389eea62822a210c5b5ead
SHA256

37614c2db52f02f62f91f0152dbb5f70dbb0baff9b61aeb049dd6fcbbecda6f7
SHA512

655a4df4f8e9dc84843a75861be310b52a9c6bafc003ee72801932a5da51c3724340f0947934e2928cd82f61b44c745dd22aa5a813d6bbb045b550aa2bd5851c
SSDEEP

196608:Yk8oRvgMb5vryItxNGR4Sk/CHGif40aSab2XbHOlGaq5EkW/uiZ7:Y46Mb5vrfwR4STOebHOlGakWn7

Score

10^/10

blackguard persistence privilege_escalation

Malware Config

Targets

- Target
  
  37614c2db52f02f62f91f0152dbb5f70dbb0baff9b61aeb049dd6fcbbecda6f7
- Size
  
  24.2MB
- MD5
  
  264d0eda98123495dd29cc072ed7e960
- SHA1
  
  e0b233e06058837d85389eea62822a210c5b5ead
- SHA256
  
  37614c2db52f02f62f91f0152dbb5f70dbb0baff9b61aeb049dd6fcbbecda6f7
- SHA512
  
  655a4df4f8e9dc84843a75861be310b52a9c6bafc003ee72801932a5da51c3724340f0947934e2928cd82f61b44c745dd22aa5a813d6bbb045b550aa2bd5851c
- SSDEEP
  
  196608:Yk8oRvgMb5vryItxNGR4Sk/CHGif40aSab2XbHOlGaq5EkW/uiZ7:Y46Mb5vrfwR4STOebHOlGakWn7
Score

7^/10

persistence privilege_escalation
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Component Object Model Hijacking

Privilege Escalation

Event Triggered Execution

Component Object Model Hijacking

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

persistenceprivilege_escalation