General
Target: 17e73f5c5a7ffa3797a0bdc1816d347b.exe
Size: 116KB
Sample: 210421-tk9jjt8s6j
MD5: 17e73f5c5a7ffa3797a0bdc1816d347b
SHA1: 1f7266ab6bd84cb14c9ea97f03260aa4cc363135
SHA256: c3cad420d5e8e63d11b2b00d198db8cdf12018ab7080f870b21e29f89a897868
SHA512: 66eea79ef843663ef26596c56f3a98119b2aa7ed3d302ddcb56a523cd61bb392de7276a7d8a63b23d2daa3685ab87d1910e4c5e35ace1458fa74c8b1baf8afd3
Behavioral task behavioral1
Sample: 17e73f5c5a7ffa3797a0bdc1816d347b.exe
Resource: win7v20210408
Behavioral task behavioral2
Sample: 17e73f5c5a7ffa3797a0bdc1816d347b.exe
Resource: win10v20210410
Malware Config
Extracted
blacknet
v3.7.0 Public
94qF3s
http://www.rtmmodz.a2hosted.com/
BN[dbdb82ae7c8fe0]
antivm: false
elevate_uac: false
install_name: WindowsUpdate.exe
splitter: |BN|
start_name: e162b1333458a713bc6916cc8ac4110c
startup: false
usb_spread: false
Targets
Target: 17e73f5c5a7ffa3797a0bdc1816d347b.exe
Score: 10/10
BlackNET Payload
Contains code to disable Windows Defender
A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
Executes dropped EXE
Adds Run key to start application