Analysis
max time kernel: 150s
max time network: 153s
platform: windows10-2004_x64
resource: win10v2004-20241007-en
resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
submitted: 19/01/2025, 16:06
Behavioral task: behavioral1
Sample: BlackChecker.exe
Resource: win7-20240729-en
4 signatures
150 seconds
General
Target: BlackChecker.exe
Size: 1.4MB
MD5: 9e4cf92c487b76c1a34e5631d9fe74f7
SHA1: 372057bcfed4ef5873f87ad11ef50a4c98fc952a
SHA256: 3b3a252fb13ba2cd0026cebe424330b306b4cd77681faf6ee9e5be5acd443879
SHA512: 03f10aade1579474b216778ef111899c8c03e3a7ce8dc78e84b3c8f393653a986957b57488eda7a70ea265c34508766ec5ed78d74525ddffdf8907ec875ee24b
SSDEEP: 12288:F5AjKMHx/LvyCj3BkupFW5AjKMHx/LvyCj3BkupFdymAFdSLcnTDrY44V:DYvb3BksSYvb3BkszB4nT
Malware Config
Signatures
Obfuscated with Agile.Net obfuscator 1 IoCs
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
resource: behavioral2/memory/2548-1-0x0000000000CB0000-0x0000000000E32000-memory.dmp; yara_rule: agile_net
Legitimate hosting services abused for malware hosting/C2 1 TTPs 64 IoCs
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description: Key opened; ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language; Process: BlackChecker.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs
description: Token: SeDebugPrivilege; pid: 2548; Process: BlackChecker.exe