The malware strings are obfuscated with a base64 encoder and decoded at runtime.

The workflow of Blackguard is simple: it validates whether it is being executed in a sandbox environment, decodes its internal strings in memory, collects sensitive information, including browser information and crypto-wallets, and sends all the information to the Telegram channel.

Figure 3: Blackguard malware detects AV processes and terminates its execution (source).

The available features depend on the package paid and the period of use.

12, 2022, and it was released on the Russian-based Forums, as presented in Figure 1. Also, YouTube videos promoting this piece of malware were found, potentially referring to a “Free cheat” software.

Figure 2: Blackguard malware disseminated on YouTube via attached URLs in the videos’ descriptions (source).

Blackguard stealer is an improvement on the 44Caliber malware, and they are using the same TTP to steal credentials and details from the infected machines.

It is developed in C# and typically distributed in the wild through email, impersonating some legitimate software such as Windows Update files, Office documents, office installers, cleaning software etc.

Blackguard is a kind of MaaS (malware-as-a-service) software announced on underground forums with a lifetime price of $700 or a monthly price of $200.

Figure 1: Blackguard stealer shared on underground forums in January 2022.
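
The base64 string obfuscation described above can be reversed statically during triage, without running the sample. The following Python is an added example, not code from the original article or from the malware: it scans a binary blob for base64 literals stored as ASCII or as UTF-16LE (the encoding .NET uses for string literals) and keeps only those that decode to printable text. The sample bytes, the decoded strings in them and the 16-character minimum are constructed assumptions.

```python
import base64
import binascii
import re

# Runs of the base64 alphabet, at least 16 characters (assumed threshold),
# stored either as ASCII or as UTF-16LE (each character followed by 0x00).
ASCII_RUN = re.compile(rb"[A-Za-z0-9+/]{16,}={0,2}")
UTF16_RUN = re.compile(rb"(?:[A-Za-z0-9+/]\x00){16,}(?:=\x00){0,2}")


def _decode_printable(candidate):
    """Return the decoded text if candidate is base64 of printable ASCII, else None."""
    if len(candidate) % 4:
        return None
    try:
        raw = base64.b64decode(candidate, validate=True)
    except (binascii.Error, ValueError):
        return None
    # Ordinary identifiers also match the alphabet; they decode to binary noise.
    if raw and all(0x20 <= b < 0x7F for b in raw):
        return raw.decode("ascii")
    return None


def recover_strings(blob):
    """Return sorted (offset, encoding, decoded_text) for base64 literals in blob."""
    hits = []
    for m in UTF16_RUN.finditer(blob):
        text = _decode_printable(m.group().replace(b"\x00", b""))
        if text:
            hits.append((m.start(), "utf-16le", text))
    for m in ASCII_RUN.finditer(blob):
        text = _decode_printable(m.group())
        if text:
            hits.append((m.start(), "ascii", text))
    return sorted(hits)


# Constructed sample blob; the decoded strings are placeholders, not real Blackguard data.
_URL = base64.b64encode(b"https://api.telegram.org/bot<TOKEN>/sendDocument")
_PATH = base64.b64encode(b"\\Google\\Chrome\\User Data")
SAMPLE = (
    b"\x00\x01" + _URL.decode().encode("utf-16le")         # obfuscated literal, UTF-16LE
    + b"\x00\xff" + "ProcessStartInfo".encode("utf-16le")  # plain identifier (decoy)
    + b"\x00\xff" + _PATH + b"\xff"                        # obfuscated literal, ASCII
)

if __name__ == "__main__":
    for offset, encoding, text in recover_strings(SAMPLE):
        print(f"0x{offset:04x} {encoding:9s} {text}")
```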