Extracted

• • Target

    ExtrimHackCS2.exe

  • Size

    72.8MB

  • MD5

    314b9dee510eca2dfa045520739e6734

  • SHA1

    853a1bd7edc947f437e67aabbd93f748d90e3975

  • SHA256

    d013f217195c38d4c65063ba7001c7e2bd2b131fa0e130e5f3814ea72f0dd91a

  • SHA512

    1fc4fcdc7cd3b26846ca7b641f0278a953313ec02f2053e704f32aff392ebf9c4d766aa5946f84f313012365959b2e4f158874f1d95104e6aaae927ed7e5984f

  • SSDEEP

    1572864:W6GSXPyRXckWqTaYh9iSZoX5si4I38THE0CYYOiPxR19jiw:hXPydnjTa+eGi4pTHEhYY1pnl

  Score

  10^/10

  blackguarddiscoveryspywarestealer

  • BlackGuard

    Infostealer first seen in Late 2021.

    stealerblackguard

  • Blackguard family

    blackguard

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Modifies file permissions

    discovery

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  behavioral1behavioral2