Analysis
max time kernel: 147s
max time network: 147s
platform: windows7_x64
resource: win7-20240729-en
resource tags: arch:x64, arch:x86, image:win7-20240729-en, locale:en-us, os:windows7-x64, system
submitted: 19/01/2025, 16:06
Behavioral task
behavioral1
Sample: BlackChecker.exe
Resource: win7-20240729-en
4 signatures
150 seconds
General
Target: BlackChecker.exe
Size: 1.4MB
MD5: 9e4cf92c487b76c1a34e5631d9fe74f7
SHA1: 372057bcfed4ef5873f87ad11ef50a4c98fc952a
SHA256: 3b3a252fb13ba2cd0026cebe424330b306b4cd77681faf6ee9e5be5acd443879
SHA512: 03f10aade1579474b216778ef111899c8c03e3a7ce8dc78e84b3c8f393653a986957b57488eda7a70ea265c34508766ec5ed78d74525ddffdf8907ec875ee24b
SSDEEP: 12288:F5AjKMHx/LvyCj3BkupFW5AjKMHx/LvyCj3BkupFdymAFdSLcnTDrY44V:DYvb3BksSYvb3BkszB4nT
Malware Config
Signatures
Obfuscated with Agile.Net obfuscator 1 IoCs
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
resource: behavioral1/memory/2528-1-0x0000000000B90000-0x0000000000D12000-memory.dmp
yara_rule: agile_net
Legitimate hosting services abused for malware hosting/C2 1 TTPs 64 IoCs
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description: Key opened
ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process: BlackChecker.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs
description: Token: SeDebugPrivilege
pid: 2528
Process: BlackChecker.exe