blackguard | 64a32ac6adbb8ccada1ca74ed4af18eb3e38620b90d2573b2f8954bbeb6364b3 | Triage

Sharing

General

Target

REPO_Fix_Repair_Steam_V3_Generic.rar
Size

10.6MB
Sample

250322-v8y2hs1rs3
MD5

d27dc422ef9c7ad7edd6ef4e1278676b
SHA1

f6fe0fe1944028a104fb6544cd8433d0de016c2d
SHA256

64a32ac6adbb8ccada1ca74ed4af18eb3e38620b90d2573b2f8954bbeb6364b3
SHA512

2e95ce76822291bcaefb323f25913f5bf939b63fc98809668c51e9b795b363b84bd75791b6f40cd40b15344f1c9736777e305bcb91e024cf688403cc92eb3a15
SSDEEP

196608:/TTxcr8Za4eGgrnJeoGaR7N6sIXhQYY1GmCoUOydWUVsyssY6VXBTLa7Q:rTY8ZCJeiRIXh9GGpNpjsZ36VXBK7Q

Score

10^/10

blackguard defense_evasion discovery trojan

Malware Config

Targets

- Target
  
  REPO_Fix_Repair_Steam_V3_Generic.rar
- Size
  
  10.6MB
- MD5
  
  d27dc422ef9c7ad7edd6ef4e1278676b
- SHA1
  
  f6fe0fe1944028a104fb6544cd8433d0de016c2d
- SHA256
  
  64a32ac6adbb8ccada1ca74ed4af18eb3e38620b90d2573b2f8954bbeb6364b3
- SHA512
  
  2e95ce76822291bcaefb323f25913f5bf939b63fc98809668c51e9b795b363b84bd75791b6f40cd40b15344f1c9736777e305bcb91e024cf688403cc92eb3a15
- SSDEEP
  
  196608:/TTxcr8Za4eGgrnJeoGaR7N6sIXhQYY1GmCoUOydWUVsyssY6VXBTLa7Q:rTY8ZCJeiRIXh9GGpNpjsZ36VXBK7Q
Score

1^/10
behavioral1 behavioral2
- Target
  
  Custom.dll
- Size
  
  2.1MB
- MD5
  
  782156fe045e36aa35a1089ed5521b08
- SHA1
  
  fb8a0e981a63dcf82fa591ba752df78f71dabb04
- SHA256
  
  8a529cd02209d5677eab00abc9f0b89f6d5f32b25ed241811afc9e8ac030ea5e
- SHA512
  
  74f1c4eb692647fb5a633a9ad7b18940dc9832b41ed7d9b553769b066027da12026f0ad379868b65067cfb055a8b5070ef1d4e17272d1436d53e87d1176b12ec
- SSDEEP
  
  24576:juILGblwKgf70b6sAUmLuBUJ/KE/dFdy8goDSGIt6:jwlS0bBmQKRynqS
Score

1^/10
behavioral3 behavioral4
- Target
  
  OnlineFix.ini
- Size
  
  595B
- MD5
  
  5975ca4e7fff1880c3049043fd1eb2a5
- SHA1
  
  cb2a55a9137a3e4c731d466a95dc98ac261b3604
- SHA256
  
  c643d5c27dd3a9c2d6db9982f9289f1b975e34a6087649caf9ffc7e7115d4398
- SHA512
  
  08d80520f9d32b0c709be022731092bf7e2d9a69006c8fbf1a907933cde8a11db46ecbe6304aafade31d78db75106121d04c27ed0909d00ee6a0ba4ccbf1cf3c
Score

1^/10
behavioral5 behavioral6
- Target
  
  OnlineFix.url
- Size
  
  46B
- MD5
  
  59bf167dc52a52f6e45f418f8c73ffa1
- SHA1
  
  fa006950a6a971e89d4a1c23070d458a30463999
- SHA256
  
  3cb526cccccc54af4c006fff00d1f48f830d08cdd4a2f21213856065666ef38e
- SHA512
  
  00005820f0418d4a3b802de4a7055475c88d79c2ee3ebfa580b7ae66a12c6966e5b092a02dc0f40db0fd3b821ea28d4aec14d7d404ead4ea88dc54a1815ffe26
Score

6^/10

defense_evasion discovery trojan
- Checks whether UAC is enabled
  defense_evasion trojan
- Legitimate hosting services abused for malware hosting/C2
behavioral7 behavioral8
- Target
  
  OnlineFix64.dll
- Size
  
  11.3MB
- MD5
  
  1dc3a9fd539541dfd04ba19b0e65a1bb
- SHA1
  
  2a0ab8d86a16546ee040d866dc8e7acc9888a12c
- SHA256
  
  316eba6541ee72195e949c04597a37309869f683b96561f558c231d796974b10
- SHA512
  
  0110d961a7d4ac14f075fdabb1c5366c73c76397b3b3f34df72991dd2cf14ced18a0293d49f48b2bb1eaac5206945aa4e7acac48fcd0c7380cc13a14558cfe50
- SSDEEP
  
  196608:V8PPzFUF/qRFyL7ekwe/G8hNJRWH035NoWVxqr1Pow3PISBQxJcX6Qz:WPPRgqRF+wLQjJHoWm1PowImQxGqQ
Score

1^/10
behavioral10 behavioral9
- Target
  
  REPO_Data/Plugins/x86_64/steam_api64.dll
- Size
  
  256KB
- MD5
  
  8afde2d19c89d0bf1a9f6ec475aa0ebb
- SHA1
  
  7d1453b841dfb1101ab45f63d3b4294b6c5d0cb6
- SHA256
  
  473f5a312b56519f347741b63f3dea590946b96ea40ef3803d5f452c39af2f1e
- SHA512
  
  4166361eead938b1a01f110ae3acd3660f5123ccf97b4504ed0577b3eedbe57cee5222aef037524de6051a6727c88161a4aa250b4ae60fd84ccfb2591d1b2090
- SSDEEP
  
  3072:NfpmprkbwQzAVsCeOTdmTxMezfOLgSbew/N65lhTbC66rpFvwLdyN+Qe2UvMxCbh:mprksQUVsCeOTdmTxDSLGnpynxCbmyx
Score

1^/10
behavioral11 behavioral12
- Target
  
  SteamOverlay64.dll
- Size
  
  114KB
- MD5
  
  0a5429b888c75f6525e1100e32dd2b69
- SHA1
  
  8ae224580aa0838a7b1570c79d4d8f27a1b46d19
- SHA256
  
  f784b4b85b627c7ea541bd2a90c9fc6e9736a0731707c31265aa86fe684dc2df
- SHA512
  
  5f77ac9619ccb5baebabb2e406ce265148ad18c6e1162c7d4c3a5656f38abedf90f756a829da856312689a738a3258382f37a279843bf7db0c14ac953c6992ef
- SSDEEP
  
  1536:h1iaPnCtV4+1/IGiaA7bSMhP3rOy843NxnpWJtRsWkd09dl38s6BtcBRXh4:h1iaPn5+uGi/7bpxaX43Ni3aMLJB1h
Score

1^/10
behavioral13 behavioral14
- Target
  
  dlllist.txt
- Size
  
  139B
- MD5
  
  7dd443df8404c42b7db22908ad5132b9
- SHA1
  
  302f827ca20c8b4c7d71a466907c2421661429e1
- SHA256
  
  4b93c54c0d588197645352d11ebc066f6f8150a2826ed04c1525ae865ce00153
- SHA512
  
  a5be18614385400aadc57c2bd09760ac58a367b3bd1643b2e4aaa2db5426e5fe806a5428568fadc896243f65f7391c12f71b83475ed6db9ad175de6c3ab9f530
Score

1^/10
behavioral15 behavioral16
- Target
  
  winmm.dll
- Size
  
  512KB
- MD5
  
  e59aac558d9f9c5d1312ac24d09c51d5
- SHA1
  
  2f11c4b00f5f92d4466348f9501aa657c9bf6fa7
- SHA256
  
  ba37009eef6c041bc6d0a271c13679fb9e14a005bd7e038cee596cd4064cf8b3
- SHA512
  
  1c3b357074d62d5ca11c92d71ffdacb4a7e3d6fb17cbd4b489e5bea0032cea43650a6809388e98e4b98256b477c6b5dbd8fd2c7f4e3e08af00ef68e0ed4406d0
- SSDEEP
  
  12288:XQxOD9ZC0WKOy8zMtJKpBmpMgBNwQuQmMzWq0hNwnoAZwl:XQxOD9ZFKpB+N7JmMzWq0hNwnBZ
Score

1^/10
behavioral17 behavioral18

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

defense_evasiondiscoverytrojan

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18