test2.exe

General

Target: test2.exe
Size: 85KB
Sample: 200917-npye4zvrks
Score: 10/10
MD5: 44ae5900e0b03963ee0a02e72f004fc1
SHA1: fdebc2d4c5f5f79c10dab9197875aa5964f9f72e
SHA256: c214b31584d7f10aac62a292961052fecb27885fede2efe65c7f4cc40ae6dce0
SHA512: e3baa84f2b1a0e64aaedb0568ade8ae50d7acfddec1880aa7927dc3a8485ed598b49183d1ea953cc6e72e282e3cb002e7bf471f31bf5ec99ccacda2a910cb7bb

Malware Config

Targets

Target: test2.exe (same file, size, score and hashes as listed under General)
Signatures

  • BlackNET
    Description: BlackNET is an open source remote access tool written in VB.NET.

  • BlackNET Payload

  • Contains code to disable Windows Defender
    Description: A .NET executable tasked with disabling Windows Defender capabilities such as real-time monitoring, block at first sight, etc.

  • Executes dropped EXE

  • Adds Run key to start application
    TTPs: Registry Run Keys / Startup Folder; Modify Registry

  • Enumerates physical storage devices
    Description: Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
    TTPs: System Information Discovery

Related Tasks

MITRE ATT&CK Matrix (tactic columns): Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Privilege Escalation

Tasks

static1: 10/10
behavioral1: 10/10
behavioral2: 10/10