General
-
Target
VegaStealer_v2.exe
-
Size
7.7MB
-
Sample
241228-1cf4qasqdl
-
MD5
9f4f298bcf1d208bd3ce3907cfb28480
-
SHA1
05c1cfde951306f8c6e9d484d3d88698c4419c62
-
SHA256
bf7057293d871cac087daab42daf22c1737a1df6adc7b7963989658f3b65f4cc
-
SHA512
4c763c3b6d4884f77083db5ccada59bc57803b3226294eff2ec3db8f2121ac01ee240b0e822cb090f5320ce40df545b477e323efabdbca31722731adc4b46806
-
SSDEEP
98304:Rgl47z3Aldea5a/OhtJeq+4NK+dG7M0mWZsE6+YhU+dbkh4yiMP0Q:H/wld79ht+j1M0mWZsE6+YASy10Q
Static task
static1
Behavioral task
behavioral1
Sample
VegaStealer_v2.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
VegaStealer_v2.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
blackguard
https://api.telegram.org/bot6540906397:AAG08fPgT-V7I17vtz49STaZEuwqXqKshuM/sendMessage?chat_id=5445185021
Targets
-
-
Target
VegaStealer_v2.exe
-
Size
7.7MB
-
MD5
9f4f298bcf1d208bd3ce3907cfb28480
-
SHA1
05c1cfde951306f8c6e9d484d3d88698c4419c62
-
SHA256
bf7057293d871cac087daab42daf22c1737a1df6adc7b7963989658f3b65f4cc
-
SHA512
4c763c3b6d4884f77083db5ccada59bc57803b3226294eff2ec3db8f2121ac01ee240b0e822cb090f5320ce40df545b477e323efabdbca31722731adc4b46806
-
SSDEEP
98304:Rgl47z3Aldea5a/OhtJeq+4NK+dG7M0mWZsE6+YhU+dbkh4yiMP0Q:H/wld79ht+j1M0mWZsE6+YASy10Q
Score10/10-
Blackguard family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
2Credentials In Files
2