Extracted

• • Target

    AdvegaHack.exe

  • Size

    7.7MB

  • MD5

    5f8d5770292267bca8c17dd1bf4ecdf2

  • SHA1

    debdca02009b642fc15e990fcf286838d8d16cf4

  • SHA256

    817cd1a400d6133e5959971d975a5cba0f03f403a2eedeeb4004fd48bc6d367b

  • SHA512

    fc28ebd0d216efca4dd0d31b60d29ce0c6e253381825e478dcf1bcb7792ee2b9d26ff2317a09247710504cb3f9d9cd15e88e483c59bfd36884788df43f37e10d

  • SSDEEP

    98304:hgl47z3Aldea5a/OhtJeq+4NK+dG7M0mWZsE6+YhU+dbkh4yiMP0T:X/wld79ht+j1M0mWZsE6+YASy10T

  Score

  10^/10

  blackguarddiscoveryspywarestealer

  • BlackGuard

    Infostealer first seen in Late 2021.

    stealerblackguard

  • Blackguard family

    blackguard

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  behavioral1