ioc[.]one - OSINT Cyber Threat Intelligence Database

Rising Stealer in Q1 2022: BlackGuard Stealer

Tags

country:	Russia
attack-pattern:	Data Credentials - T1589.001 Domains - T1583.001 Domains - T1584.001 Malware - T1587.001 Malware - T1588.001 Private Keys - T1552.004 Screen Capture - T1513 Software - T1592.002 Tool - T1588.002 Private Keys - T1145 Screen Capture - T1113 Screen Capture

Show in Graph

Common Information

Type	Value
UUID	4bb6102e-edf5-49b3-a8fd-953669f42dfe
Fingerprint	a68448d247b68393
Analysis status	DONE
Considered CTI value	2
Text language
Published	May 24, 2022, 6:17 a.m.
Added to db	Sept. 26, 2022, 9:34 a.m.
Last updated	Nov. 17, 2024, 6:53 p.m.
Headline	Rising Stealer in Q1 2022: BlackGuard Stealer
Title	Rising Stealer in Q1 2022: BlackGuard Stealer
Detected Hints/Tags/Attributes	55/2/87

Source URLs

	Redirection	Url
Details	Source	https://medium.com/s2wblog/rising-stealer-in-q1-2022-blackguard-stealer-f516d9f85ee5

URL Provider

Details	Provider	Source level domain
Details	medium.com	medium.com

Attributes

Details	Type	#Events	Value
Details	Domain	189	asec.ahnlab.com
Details	Domain	768	www.youtube.com
Details	Domain	24	anonfiles.com
Details	Domain	2	01337.io
Details	Domain	46	datetime.now
Details	Domain	13	btc.com
Details	Domain	2	bitpapa.com
Details	Domain	8	block.io
Details	Domain	43	blockchain.com
Details	Domain	6	www.chase.com
Details	Domain	5	www.wellsfargo.com
Details	Domain	3	www.capitalone.com
Details	Domain	11	www.bankofamerica.com
Details	Domain	1174	gmail.com
Details	Domain	3	pay.google.com
Details	Domain	330	facebook.com
Details	Domain	3	navyfederal.org
Details	Domain	69	paypal.com
Details	Domain	145	api.telegram.org
Details	Domain	5	greenblguard.shop
Details	Domain	3	blguard.shop
Details	Domain	30	s2w.inc
Details	Domain	335	www.facebook.com
Details	Domain	1373	twitter.com
Details	File	6	soft.exe
Details	File	2	dnspy.xml
Details	File	64	logins.json
Details	File	36	key3.db
Details	File	41	key4.db
Details	File	96	wallet.dat
Details	File	12	user.config
Details	File	6	accounts.txt
Details	File	34	recentservers.xml
Details	File	45	information.txt
Details	File	15	screenshot.png
Details	File	28	s2w.inc
Details	md5	1	eb6c563af372d1af92ac2b60438d076d
Details	sha256	2	67843d45ba538eca29c63c3259d697f7e2ba84a3da941295b9207cdb01c85b71
Details	sha256	3	5293c26f29b4af6bc2f3f74ae1ed93537e6c311a695cc0a6920a635c57383617
Details	sha256	2	3c5a8e9820b549a70a353997bbce4fe16956dbab22dedde2f358f0f10930cf44
Details	sha256	2	216c960ac6ef399e7ff33b18c03777237ced76d59ce0f8bb4d5f9a22e85b3bd8
Details	sha256	3	352c936eaf45ffd2f99ba2a9e726eaa39af29d4c37a6ad5106849f07aa35896c
Details	sha256	2	3d3de136d6a22e6064a306452dab72dc70493b02f8f4a505f00bf3dc59e971d3
Details	sha256	2	52bd68ea60e7171ed2413cd5292b74ac9872928a1a723405fb73ad57419c5bc6
Details	sha256	2	7976a7aa5618c833edfebdbc29853c2f433ce1095a752a177deb76d7f68188be
Details	sha256	2	30023cfbcb45d75e461333e376fde3b053c33de84b88c64ef816c9f77e45b21f
Details	sha256	2	4f4d29507bafc223646d98f5fed78d52dd96caeee2072ff17b15718b45a1811f
Details	sha256	2	ba2bc430c4661aab84cf7e8fedf2684e5fc106f7797af4553aef7490193b00a6
Details	sha256	2	d888dafb1f2ae06311d507e5d3dfa41c851df2175e8441255e2095c09a058d0a
Details	sha256	3	7f2542ed2768a8bd5f6054eaf3c5f75cb4f77c0c8e887e58b613cb43d9dd9c13
Details	sha256	1	a00ef641b6163d787f2210d75eaf631ba1cb3a6f2d4a072226a885a056ee1c4d
Details	sha256	3	bbc8ac47d3051fbab328d4a8a4c1c8819707ac045ab6ac94b1997dac59be2ece
Details	sha256	2	b287dcb70b7a9ed7025171572a96f1447efa6adf88cd30aba591270052acfe8b
Details	sha256	2	0fc2a7d0dc1a3b0ec547deae8dc296a0b139f94f7f8609c91a8f04a8f939a3e9
Details	sha256	2	5b8d0e358948f885ad1e6fa854f637c1e30036bc217f2c7f2579a8782d472cda
Details	sha256	2	18db274624914ee6388bda20233db28307be4873bc053e05ad8f6761b217136f
Details	sha256	2	76b90299713b5d4ffd3c92b2cd66b3de68148c3133f927dfa385b075fd00d5b1
Details	sha256	2	62416ed5c114e347643b51879ee8a75e8a871ab7c02679402f99aaf697e9f9e8
Details	sha256	2	da5fdea2780ff2e36a3594283a24846c19953daf03063a875073deecc183c3ff
Details	sha256	2	c5c1a48c0062e113389988d4c70dbcc1a594da3b516dfe14185e622b9050b649
Details	sha256	2	918af1137f069eccc04220c280e13ed440a380aa0446cfa1d80b4e0ade6c3528
Details	sha256	2	15fc2939e2e67f1317f2e549b8214e83b8e1c493d94eeff2cf4a1cf58b94274f
Details	sha256	2	3f36af60743bfb923246e36bb860ff9021986c9e88c5a4176b67a4d0923125b8
Details	sha256	2	c1237d0e517abc7cd15bb55110196247b1f6ec397c28b8b2bdfba86dc5c8805f
Details	sha256	2	5ce632f1f10c96a7524bf384015c25681ef4771f09a6b86883a4da309d85452a
Details	sha256	2	26ebf8a0830652c9ea0de64dc0dca6d62caffc0aaa34abf43e7c410095c502ce
Details	sha256	2	d3b27ba36d01a6ed5492d662c20b38569b0019c29fe065e8f810b369fba76531
Details	sha256	3	4d66b5a09f4e500e7df0794552829c925a5728ad0acd9e68ec020e138abe80ac
Details	sha256	3	f2d25cb96d3411e4696f8f5401cb8f1af0d83bf3c6b69f511f1a694b1a86b74d
Details	sha256	2	31c4edabd35f8a9d0695c96f21acd8787eec68b8028973470d64c4956d9f1cd1
Details	sha256	3	f47db48129530cf19f3c42f0c9f38ce1915f403469483661999dc2b19e12650b
Details	sha256	3	c98e24c174130bba4836e08d24170866aa7128d62d3e2b25f3bc8562fdc74a66
Details	sha256	2	3335f6aff82ff30e3aa29e0cb487be0252ab7b6cf7fcbb074c5642c1f0d7d0c0
Details	sha256	2	9fff9895c476bee0cba9d3e209e841873f1756d18c40afa1b364bd2d8446997c
Details	Url	1	https://asec.ahnlab.com/en/32499
Details	Url	1	https://www.youtube.com/watch?v=yi8rjhqlsfg
Details	Url	2	https://anonfiles.com/j0b03ckexf
Details	Url	2	https://api.telegram.org/bot1068601339
Details	Url	2	https://api.telegram.org/bot1840568117
Details	Url	2	https://api.telegram.org/bot1822617155
Details	Url	2	https://api.telegram.org/bot1625195044
Details	Url	2	https://api.telegram.org/bot2113738307
Details	Url	3	https://greenblguard.shop
Details	Url	3	https://blguard.shop
Details	Url	27	https://s2w.inc
Details	Url	32	https://www.facebook.com/s2wlab
Details	Url	27	https://twitter.com/s2w_official