blackguard | fad398fd1100f4afa63068f3d41a7c9be46102b9229c8e43ea6335ad59ac55fb | Triage

Resubmissions

23/03/2025, 10:00

250323-l1t8xszqy9 10

23/03/2025, 09:50

250323-ltz6lawwft 10

Sharing

General

Target

R.E.P.O.v0.1.2-OFME.rar
Size

386.1MB
Sample

250323-l1t8xszqy9
MD5

3272e8d6f9d92fdf583f26b047cd823c
SHA1

b539a3e69b8d92b2c48c935f3051ab4b68b3aa34
SHA256

fad398fd1100f4afa63068f3d41a7c9be46102b9229c8e43ea6335ad59ac55fb
SHA512

364c8d38f5d1b8323eb1bdc3d8548ca2630493e7982a9db6e75c21994979d9adeaba8575c114a78e9fc33d9738177f06c08bc534db27e4e3dd9d5491e334e0d7
SSDEEP

6291456:+WVq8Q31asIx4D31VWJTvRMmo5+YgdQAOYUazMVhJ34kYnsWD:rVkafyDoT5LYgwYehJ3lYnsWD

Score

10^/10

blackguard discovery execution

Malware Config

Targets

- Target
  
  R.E.P.O.v0.1.2-OFME.rar
- Size
  
  386.1MB
- MD5
  
  3272e8d6f9d92fdf583f26b047cd823c
- SHA1
  
  b539a3e69b8d92b2c48c935f3051ab4b68b3aa34
- SHA256
  
  fad398fd1100f4afa63068f3d41a7c9be46102b9229c8e43ea6335ad59ac55fb
- SHA512
  
  364c8d38f5d1b8323eb1bdc3d8548ca2630493e7982a9db6e75c21994979d9adeaba8575c114a78e9fc33d9738177f06c08bc534db27e4e3dd9d5491e334e0d7
- SSDEEP
  
  6291456:+WVq8Q31asIx4D31VWJTvRMmo5+YgdQAOYUazMVhJ34kYnsWD:rVkafyDoT5LYgwYehJ3lYnsWD
Score

7^/10
- Executes dropped EXE
behavioral1
- Target
  
  R.E.P.O/MonoBleedingEdge/etc/mono/4.5/DefaultWsdlHelpGenerator.aspx
- Size
  
  59KB
- MD5
  
  f7be9f1841ff92f9d4040aed832e0c79
- SHA1
  
  b3e4b508aab3cf201c06892713b43ddb0c43b7ae
- SHA256
  
  751861040b69ea63a3827507b7c8da9c7f549dc181c1c8af4b7ca78cc97d710a
- SHA512
  
  380e97f7c17ee0fdf6177ed65f6e30de662a33a8a727d9f1874e9f26bd573434c3dedd655b47a21b998d32aaa72a0566df37e901fd6c618854039d5e0cbef3f5
- SSDEEP
  
  768:6CEPutHjvpMgMwP9h5Ij7khsp/6JtEZwMXVtkUI3t3CXyEyk3VbNbqDvJ4oT1y:/r6CdsCOZwMX3k5dWyklh+Dvbw
Score

3^/10

execution
behavioral2
- Target
  
  R.E.P.O/OnlineFix.url
- Size
  
  46B
- MD5
  
  59bf167dc52a52f6e45f418f8c73ffa1
- SHA1
  
  fa006950a6a971e89d4a1c23070d458a30463999
- SHA256
  
  3cb526cccccc54af4c006fff00d1f48f830d08cdd4a2f21213856065666ef38e
- SHA512
  
  00005820f0418d4a3b802de4a7055475c88d79c2ee3ebfa580b7ae66a12c6966e5b092a02dc0f40db0fd3b821ea28d4aec14d7d404ead4ea88dc54a1815ffe26
Score

6^/10

discovery
- Legitimate hosting services abused for malware hosting/C2
behavioral3
- Target
  
  R.E.P.O/REPO.exe
- Size
  
  651KB
- MD5
  
  37e2e7e012343ccef500133286fcbf27
- SHA1
  
  4b7e66039d04b14ddcfb580a6e6a395ea52222be
- SHA256
  
  1643ff9ed131adde7a22363f26d36308b4b4fb8f9ba61e5afce3b6803c5cb302
- SHA512
  
  418dcb69e506f42248c00459eb3fa5a576006fead83cb5372e5710a8e95265654c316bbb314e4b8afa69e393a7cdf01219b7e17095d1990ab418f0aed68c687e
- SSDEEP
  
  12288:c/744aOD8GVma8Vk2WbYq5qL7Lp4SKpRUzfBI4xa7iKXS:m9aO/Vma72z9KY7BID7iKi
Score

1^/10
behavioral4
- Target
  
  R.E.P.O/UnityCrashHandler64.exe
- Size
  
  1.1MB
- MD5
  
  9fbd5305c2c2fc8458c9774d3dd815e4
- SHA1
  
  4bb449696116301c686f51135699302d62770a0c
- SHA256
  
  670e0fe0d0b8e5d42109b0b4dec606c6f8252b8c98af807e36b40117c07f269f
- SHA512
  
  2ea7aecd995bbb102d03766ffc4a5419a784fc69cdee263afebcde70d2db795f88b9c39f591c0b1fcee7ab52334766b50e8827204b39b9f9cc497dc6f854684e
- SSDEEP
  
  12288:wdQguUWSv0LZ0dkXepg517sB0I5NTBpoEfHfR2o/EoK//60pJgQfz2fzAi:wdlupSMLag1700IAiw1/TJdz+zAi
Score

1^/10
behavioral5

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5