blackguard | 6ab157f8e87b91bfc479878eec2a4fc345f6c9c5ada4b5711c2f96289dc14b8f

Sharing

Copy URL

Twitter E-mail

General

Target

R.E.P.O v0.1.2.rar
Size

356.1MB
Sample

250315-1wwzaavshy
MD5

5b832c9ad0c064249e681d681be7b6c6
SHA1

1c86102b702b0eae9e55b09d63fcfe4d861b0c70
SHA256

6ab157f8e87b91bfc479878eec2a4fc345f6c9c5ada4b5711c2f96289dc14b8f
SHA512

fab291f64b82c1117cb96f6603b0027396688c9d0a290aac1a374394e426cb275a95546d0bf9bf63cd35a45f87087363a03a81f28c2837f51be7fbb0dc94272a
SSDEEP

6291456:zwI41VPdTsh82HcvuQF46HdMmIQsEv332Dx8Z0x+4BwdvOs+p7uuRwt8zx+/lFsH:zwI41ZxshrHIMrc3GmZe+92jp7uuCtiz

Score

10^/10

Malware Config

Targets

- Target
  
  R.E.P.O/MonoBleedingEdge/etc/mono/4.5/DefaultWsdlHelpGenerator.aspx
- Size
  
  59KB
- MD5
  
  f7be9f1841ff92f9d4040aed832e0c79
- SHA1
  
  b3e4b508aab3cf201c06892713b43ddb0c43b7ae
- SHA256
  
  751861040b69ea63a3827507b7c8da9c7f549dc181c1c8af4b7ca78cc97d710a
- SHA512
  
  380e97f7c17ee0fdf6177ed65f6e30de662a33a8a727d9f1874e9f26bd573434c3dedd655b47a21b998d32aaa72a0566df37e901fd6c618854039d5e0cbef3f5
- SSDEEP
  
  768:6CEPutHjvpMgMwP9h5Ij7khsp/6JtEZwMXVtkUI3t3CXyEyk3VbNbqDvJ4oT1y:/r6CdsCOZwMX3k5dWyklh+Dvbw
Score

3^/10

execution
behavioral1 behavioral2
- Target
  
  R.E.P.O/OnlineFix.url
- Size
  
  46B
- MD5
  
  59bf167dc52a52f6e45f418f8c73ffa1
- SHA1
  
  fa006950a6a971e89d4a1c23070d458a30463999
- SHA256
  
  3cb526cccccc54af4c006fff00d1f48f830d08cdd4a2f21213856065666ef38e
- SHA512
  
  00005820f0418d4a3b802de4a7055475c88d79c2ee3ebfa580b7ae66a12c6966e5b092a02dc0f40db0fd3b821ea28d4aec14d7d404ead4ea88dc54a1815ffe26
Score

6^/10

defense_evasion discovery trojan
- Checks whether UAC is enabled
  defense_evasion trojan
- Legitimate hosting services abused for malware hosting/C2
behavioral3 behavioral4
- Target
  
  R.E.P.O/OnlineFix64.dll
- Size
  
  11.3MB
- MD5
  
  1dc3a9fd539541dfd04ba19b0e65a1bb
- SHA1
  
  2a0ab8d86a16546ee040d866dc8e7acc9888a12c
- SHA256
  
  316eba6541ee72195e949c04597a37309869f683b96561f558c231d796974b10
- SHA512
  
  0110d961a7d4ac14f075fdabb1c5366c73c76397b3b3f34df72991dd2cf14ced18a0293d49f48b2bb1eaac5206945aa4e7acac48fcd0c7380cc13a14558cfe50
- SSDEEP
  
  196608:V8PPzFUF/qRFyL7ekwe/G8hNJRWH035NoWVxqr1Pow3PISBQxJcX6Qz:WPPRgqRF+wLQjJHoWm1PowImQxGqQ
Score

1^/10
behavioral5 behavioral6
- Target
  
  R.E.P.O/REPO.exe
- Size
  
  651KB
- MD5
  
  37e2e7e012343ccef500133286fcbf27
- SHA1
  
  4b7e66039d04b14ddcfb580a6e6a395ea52222be
- SHA256
  
  1643ff9ed131adde7a22363f26d36308b4b4fb8f9ba61e5afce3b6803c5cb302
- SHA512
  
  418dcb69e506f42248c00459eb3fa5a576006fead83cb5372e5710a8e95265654c316bbb314e4b8afa69e393a7cdf01219b7e17095d1990ab418f0aed68c687e
- SSDEEP
  
  12288:c/744aOD8GVma8Vk2WbYq5qL7Lp4SKpRUzfBI4xa7iKXS:m9aO/Vma72z9KY7BID7iKi
Score

1^/10
behavioral7 behavioral8
- Target
  
  R.E.P.O/REPO_Data/Managed/Assembly-CSharp-firstpass.dll
- Size
  
  295KB
- MD5
  
  b064180baff82b768b93251749acc519
- SHA1
  
  48a490559b2f039afe63e26bac424dafe83f857a
- SHA256
  
  4001322f7a2a03c26473192d6ecdc0b3ce6587928a6a91ab86f3b3e30c93ef1d
- SHA512
  
  528c79881e4f4054134564bd24ddfd4147a09320e629b5b5c4059c9f54a6893029519356cc0742fa4eb30826610301099bee942d6d84013fd5db8f37b0c73674
- SSDEEP
  
  6144:ED4ljWJOQNd/ir+5U/zW5mW9kkVn7knCAWLKb/w:85Ndar+5GzW5mWL7knCy
Score

1^/10
behavioral10 behavioral9
- Target
  
  R.E.P.O/REPO_Data/Managed/Assembly-CSharp.dll
- Size
  
  1.3MB
- MD5
  
  32956bfdd9ecab169b20e7b61960d281
- SHA1
  
  ee7b7037c5b1f15684e3599bbf01012555b22055
- SHA256
  
  00514fd63809e0d7b5803ecd34364391083a2def5a3f3639e6cf118936b0be3c
- SHA512
  
  aee6cb0ce5be9d557187c23b359a0d2a674758259e32b8c5d8950ec31dbcc22815b2bf42978a5470ae08107c82fae4a6b6b85e93a645ba3885514742be57653d
- SSDEEP
  
  24576:1LmagU/pxyoi7RHV8WO6wyuv6IyQYFDLP+emV7yA+d0dzSKlkov4G+uz:t6fuviFDwF+Wdzhv4G+u
Score

1^/10
behavioral11 behavioral12
- Target
  
  R.E.P.O/REPO_Data/Managed/Autodesk.Fbx.dll
- Size
  
  4KB
- MD5
  
  4d69a6a42a47aea6119e56aa5c5baea3
- SHA1
  
  3ce460690c387a97ad6cc6348ffd27435a095668
- SHA256
  
  30016b51e2600ab052695a5dd92776f6a1f85749e5aa88c3578c6eb0e918823d
- SHA512
  
  b7c12444e707583a23ed937c04401c4a49d617ee547bb4e15b7e159faf4012c3f6f7849dcbab014f63cbee05e442ed57c76cd6e8ed20bfe939c4b12693ffb3a7
Score

1^/10
behavioral13 behavioral14
- Target
  
  R.E.P.O/REPO_Data/Managed/Facepunch.Steamworks.Win64.dll
- Size
  
  534KB
- MD5
  
  9b6881f3af33f662ee9a2a8f07016b98
- SHA1
  
  06e4b53d3d7177d2465c9f53e7881a8c4cfb8ac0
- SHA256
  
  7f4e025564e9b2dd6ac248727b37c9767212c567b18a422629256737524d23b8
- SHA512
  
  39bf3ffa5456db92f5d44c78764efc6cdc5a4c52e7493a1a1940dbbcf4268120538b0b86db3ccdbf9cc3453b11ef3d6827db4fa38ce18968f38829a1e600253e
- SSDEEP
  
  12288:4dMCyDIDge2t7yOcEXJ5HfuhftgUT2lCeamE:sVDge2t7JJ5/2ftgUT2lCeamE
Score

1^/10
behavioral15 behavioral16
- Target
  
  R.E.P.O/REPO_Data/Managed/FbxBuildTestAssets.dll
- Size
  
  4KB
- MD5
  
  5d6fee6175cdebaa2ee128150bd29a29
- SHA1
  
  c8c198a9ac713943e7fca4623ceabfe1ac6b31e7
- SHA256
  
  5ffe4702625dc8f3db2b3b04e3cf298485a680701798c7eae954728ccbeb4e00
- SHA512
  
  07ba446824fd886aad73104facd9c6d91d5dbe257dc78951928a934718b11841bf29855882d5bcb66ee168a786ea2fb4ab8ecda1bcae816aef91c078ae92df18
- SSDEEP
  
  48:6aIm+l597exYV1t40A11KH2bHYZ+IM81qYJQlMtNu/UKhkxkanFOELrfKLditlup:CbvvVeo2bHFeI4NAU0kxkAvX2diGXi
Score

1^/10
behavioral17 behavioral18
- Target
  
  R.E.P.O/REPO_Data/Managed/Klattersynth.dll
- Size
  
  84KB
- MD5
  
  09b4f29cae5f08a0c8eba1ee96e17fff
- SHA1
  
  a8065580be301bf497a139bf9783caff903e196c
- SHA256
  
  790ef9d885034936bc7a1ef2298f47faa10b51b5e3637eacca7c39425386a47b
- SHA512
  
  6c56435c34be5bae444758a7463d4c57dab6ed1961ae6cd73da3477e09101898106606bee718670101f8ccaa596883e8ba340b0439ab4defea2d1d540bbd9d93
- SSDEEP
  
  1536:P6SuniFrszCg3tGsPJsvKssp6a2+Pm+hH8IfHXwpMXwp1vKvvKAJCXHOHJCFwBfO:POidsGC0CsQG9AQrN+U
Score

1^/10
behavioral19 behavioral20
- Target
  
  R.E.P.O/REPO_Data/Managed/Mono.Security.dll
- Size
  
  235KB
- MD5
  
  0841dfacf30ea97bd834716188a2d08f
- SHA1
  
  61465571018211f19b29a012323c3bfed788b0d4
- SHA256
  
  98d714abde46476d8ec2a729d178fd24b9bb86cfa6416defac6b46220143181d
- SHA512
  
  79dc5ad0b44fa9eb272e16b625c560ca946411b3862deca2395c888130f07e09c28ee0b97b9f0a5225c4ca932901ba0616e659d34bda7d676be2409a16e27076
- SSDEEP
  
  6144:0UjTQ70cnf8MoVRxS9iJdBF119RJXG2y2+Q:lEiH119RJXV3
Score

1^/10
behavioral21 behavioral22
- Target
  
  R.E.P.O/REPO_Data/Managed/Newtonsoft.Json.dll
- Size
  
  675KB
- MD5
  
  d751086b7423fd5580b5e909b06217b9
- SHA1
  
  c1707b17df636cd6d4a804361fc6ead4ef9db5cf
- SHA256
  
  a56146202232958f46bd6a28b5a7da166aea123ee0d646735a46e5c341dfbf1f
- SHA512
  
  86655b59ad62664a35a30807cce7dc2c2be8f1ece235f35dc9031873d255dc6f13a22b55d0386becbe927f007a14a6d936ba3861d1103af8f2fe16aa0afebe11
- SSDEEP
  
  12288:aBNYm5IWx4AhnIqjCfP4bYaRLL0eglBmjV+0kRqQCB0jEIF:aBum5I24A5LYa5g1ByNyq5B0jzF
Score

1^/10
behavioral23 behavioral24
- Target
  
  R.E.P.O/REPO_Data/Managed/Photon3Unity3D.dll
- Size
  
  232KB
- MD5
  
  f4ed63ecaa255abfea482446f8d43155
- SHA1
  
  c80b0994e2e8a3a8833e6cdceb0055bccd015056
- SHA256
  
  d761abef6f533d404303058da32016c78b76459a94e755d974a9739a6c5281bd
- SHA512
  
  f7f8c0ba9d8b9047be6dcbbe1201d3e471339bb2d5fdb826c42a401262c54162444de9966eb5709e764019abe98785cf79a5ace13d7a8392f77ddf277292a708
- SSDEEP
  
  3072:Nf46H2QQgPLVRyG1r3nD0ucDq9tpWKRUs7x0AQtJ0nfZGOIbmp:N922D3D0uceoKR376S3
Score

1^/10
behavioral25 behavioral26
- Target
  
  R.E.P.O/REPO_Data/Managed/PhotonChat.dll
- Size
  
  34KB
- MD5
  
  a28cf489498b43ee89b960a9169be6df
- SHA1
  
  f818696f937dbfb2a7b3d1043cff1b90edd42ff2
- SHA256
  
  5689cd7befce8a3ae46544e38acd103117485d99e867a3004be8340f1b78e5b3
- SHA512
  
  de4ce6bae73f1e92927ba34a8acb4e0feb15ad568f139894e25fc704ae18ed2d3c11b47f3d3cb13bd59cc95e2e47179eded9983e1b7e6c23efae987270239630
- SSDEEP
  
  768:rJhr6Q9dvc7eR4YZN6SjEFJV2OA7v7GZSoipovqZu:DbU7g4eDjxgSoipoX
Score

1^/10
behavioral27 behavioral28
- Target
  
  R.E.P.O/REPO_Data/Managed/PhotonRealtime.dll
- Size
  
  108KB
- MD5
  
  8df8c5b69f7954b6b6c3f0a91da889fd
- SHA1
  
  d77a81532cc99fa0bd98c2605b228339a6c42f01
- SHA256
  
  f0f356a2d993df2b28f1aab7fc6b1aa4f816457eef34cc8b0fa4ba4800ddd3db
- SHA512
  
  7ede4463805f523aacf5cbd7a6fae3c4bff4f6a3bc1058c229486bbf96b7fce716a1330d1d6c3a44a7d448180b1a743e99ed54240565323048223a847a469f87
- SSDEEP
  
  1536:WVTOM2THG6Swr8I2tkmmgnz++eeXyQNtxDVnLTU8uw35SwruSvBrKUGWrECDiSWm:WVXWlr8I2tkmmgFeiys/vBrKuoE
Score

1^/10
behavioral29 behavioral30
- Target
  
  R.E.P.O/REPO_Data/Managed/PhotonUnityNetworking.Utilities.dll
- Size
  
  60KB
- MD5
  
  e3b7cfc93928de70fb93ce7d674546e5
- SHA1
  
  d99a489885cdb4b77d360d6561b0c44ac6ce824e
- SHA256
  
  0d45649e308ad15029b54b2ce51b397ee1a5111ace658cd926cc4f144e8aad77
- SHA512
  
  cd492053eb531d09f757b7db0c2775b1b7f24e040eaf0bc076335e85155ded95028969f1db4ec63f46858f6fef7bf292abf503737210c1aee03ed508ece35349
- SSDEEP
  
  768:U8y9ampUpw0JZ5JDZLRxicvM7zGhhUhxipftWFfAKV7S:UBxpUpbvDZGXChKhxMUY
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Checks whether UAC is enabled

Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32