Hacking forums often double as underground marketplaces where cybercriminals buy, rent, and sell all kinds of illegal products, including malicious software, trojans, stealers, exploits, and leaked credentials. Malware-as-a-service has contributed substantially to the growth of ransomware and phishing attacks (among other attack types) in the past year, as it lowers the technical barrier to entry for criminals to carry out attacks.

While recently perusing one of these hacking forums during regular research activities, the Zscaler ThreatLabz team came across BlackGuard, a sophisticated stealer, advertised for sale. BlackGuard has the capability to steal all types of information related to crypto wallets, VPNs, messengers, FTP credentials, saved browser credentials, and email clients. BlackGuard is currently being sold as malware-as-a-service at a lifetime price of $700 or a monthly price of $200.

In this blog, we share analysis and screenshots of the techniques this stealer uses to steal information and evade detection using obfuscation, as well as the techniques it uses for anti-debugging.

Fig 1. Forum thread promoting the BlackGuard stealer

Technical Analysis:

BlackGuard is a. Currently, it is in active development and has the following capabilities:

Fig 2.

The stealer contains a hardcoded array of bytes that is decoded at runtime into ASCII strings, which are then base64-decoded. Once executed, it checks for and kills processes associated with antivirus products and sandboxes, as shown in the figure below.
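The two-layer string decoding and the process-kill check described above, as an added example that is not code from this page or from the BlackGuard sample. The page does not say how the byte array is turned into ASCII, so a single-byte XOR (key 0x5A) is assumed here as a stand-in for that first layer; the strings and process names in the block are constructed illustrations of analysis-tool and VM process names, not the list carried by the malware, and the brute-force key recovery goes beyond the page by showing how an analyst recovers the key when it is not known.

```python
import base64
import string

# Assumption (not stated on the page): the first decoding layer is a
# single-byte XOR. 0x5A is an arbitrary key used only to build the sample blob.
XOR_KEY = 0x5A

# Characters allowed in the intermediate ASCII layer: the base64 alphabet
# plus the newline assumed here as the separator between encoded strings.
B64_CHARS = set(string.ascii_letters + string.digits + "+/=\n")

# Constructed sample strings (illustrative analysis-tool and VM process
# names, not the list carried by the BlackGuard sample).
SAMPLE_STRINGS = ["procexp.exe", "wireshark.exe", "vboxservice.exe", "vmtoolsd.exe"]


def encode_blob(strings, key=XOR_KEY):
    """Build a blob the assumed scheme would embed: base64 each string,
    join them with newlines, then XOR every byte. Used only to construct input."""
    layer = "\n".join(base64.b64encode(s.encode("utf-8")).decode("ascii") for s in strings)
    return bytes(b ^ key for b in layer.encode("ascii"))


def decode_blob(blob, key):
    """Reverse both layers: XOR -> ASCII text -> base64 -> plaintext strings.
    Records that do not decode (wrong key, non-string data) become None."""
    text = bytes(b ^ key for b in blob).decode("ascii", errors="replace")
    out = []
    for token in text.split("\n"):
        if not token:
            continue
        try:
            out.append(base64.b64decode(token, validate=True).decode("utf-8"))
        except (ValueError, UnicodeDecodeError):
            out.append(None)
    return out


def recover_key(blob):
    """Brute-force the single-byte key: the correct key is the one whose
    output contains only base64 characters and separators, and whose every
    record then base64-decodes to text. Returns None if no key fits."""
    for key in range(256):
        text = bytes(b ^ key for b in blob)
        if not all(chr(b) in B64_CHARS for b in text):
            continue
        decoded = decode_blob(blob, key)
        if decoded and all(s is not None for s in decoded):
            return key
    return None


def _norm(name):
    # Case-insensitive comparison ignoring the ".exe" suffix (assumption: the
    # page does not say how the sample compares process names).
    name = name.lower()
    return name[:-4] if name.endswith(".exe") else name


def targeted_processes(decoded_names, running):
    """Return the running processes the kill loop would match against the
    decoded string table, so an analyst can see what the sample would stop."""
    wanted = {_norm(n) for n in decoded_names if n}
    return sorted(p for p in running if _norm(p) in wanted)


SAMPLE_BLOB = encode_blob(SAMPLE_STRINGS)

# Constructed process listing from a hypothetical analysis VM.
SAMPLE_RUNNING = ["explorer.exe", "ProcExp.exe", "svchost.exe", "VBoxService.exe"]

if __name__ == "__main__":
    key = recover_key(SAMPLE_BLOB)
    print(f"recovered key: {key:#04x}")
    names = decode_blob(SAMPLE_BLOB, key)
    print("decoded strings:", names)
    print("would be killed:", targeted_processes(names, SAMPLE_RUNNING))
```

The alphabet filter in `recover_key` discards almost every wrong key before any base64 decoding is attempted, and the final decode pass catches keys that happen to survive the filter; with the constructed blob only the true key passes both. If a real sample uses a different first layer (a rolling key, RC4, or a custom table), only `encode_blob` and the XOR loops need replacing; the base64 layer and the process-name matching stay the same.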