c3cad420d5e8e63d11b2b00d198db8cdf12018ab7080f870b21e29f89a897868.exe

General
Target

c3cad420d5e8e63d11b2b00d198db8cdf12018ab7080f870b21e29f89a897868.exe

Size

116KB

Sample

210422-wy9th7msz6

Score

10/10

MD5

17e73f5c5a7ffa3797a0bdc1816d347b

SHA1

1f7266ab6bd84cb14c9ea97f03260aa4cc363135

SHA256

c3cad420d5e8e63d11b2b00d198db8cdf12018ab7080f870b21e29f89a897868

SHA512

66eea79ef843663ef26596c56f3a98119b2aa7ed3d302ddcb56a523cd61bb392de7276a7d8a63b23d2daa3685ab87d1910e4c5e35ace1458fa74c8b1baf8afd3

Signatures

  • BlackNET

    Description

    BlackNET is an open source remote access tool written in VB.NET.

  • BlackNET Payload

  • Contains code to disable Windows Defender

    Description

    A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

  • Executes dropped EXE

  • Adds Run key to start application

    TTPs

    Registry Run Keys / Startup Folder
    Modify Registry

MITRE ATT&CK Matrix

  • Collection
  • Command and Control
  • Credential Access
  • Defense Evasion
  • Execution
  • Exfiltration
  • Impact
  • Initial Access
  • Lateral Movement
  • Privilege Escalation

Tasks

  • static1: 10/10
  • behavioral1: 10/10
  • behavioral2: 10/10