Blackguard malware analysis

Blackguard is a widely sold information stealer that uses current tactics, techniques and procedures (TTPs) to harvest sensitive data from victims' machines.

Blackguard is sold as malware-as-a-service (MaaS), advertised on underground forums at a lifetime price of $700 or a monthly price of $200.

Figure 1: Blackguard stealer shared on underground forums in January 2022.

It is developed in C# and typically distributed through email, masquerading as legitimate software such as Windows Update files, Office documents, Office installers and system-cleaning tools. YouTube videos promoting the malware were also found, advertising it as "free cheat" software.

Figure 2: Blackguard malware disseminated on YouTube via URLs placed in video descriptions (source).

Blackguard is an evolution of the 44Caliber stealer and uses the same TTPs to steal credentials and other details from infected machines. It has been active since Jan. 12, 2022, when it was first advertised on Russian-language underground forums, as shown in Figure 1. The features available to a customer depend on the package purchased and the subscription period.

Digging into the details

The workflow of Blackguard is simple: it first checks whether it is running inside a sandbox environment, then decodes

