Behavioral task: behavioral1
Sample: c3cad420d5e8e63d11b2b00d198db8cdf12018ab7080f870b21e29f89a897868.exe
Resource: win7v20210410
Behavioral task: behavioral2
Sample: c3cad420d5e8e63d11b2b00d198db8cdf12018ab7080f870b21e29f89a897868.exe
Resource: win10v20210408
General
Target: c3cad420d5e8e63d11b2b00d198db8cdf12018ab7080f870b21e29f89a897868.exe
Size: 116KB
MD5: 17e73f5c5a7ffa3797a0bdc1816d347b
SHA1: 1f7266ab6bd84cb14c9ea97f03260aa4cc363135
SHA256: c3cad420d5e8e63d11b2b00d198db8cdf12018ab7080f870b21e29f89a897868
SHA512: 66eea79ef843663ef26596c56f3a98119b2aa7ed3d302ddcb56a523cd61bb392de7276a7d8a63b23d2daa3685ab87d1910e4c5e35ace1458fa74c8b1baf8afd3
Malware Config
Extracted
blacknet
v3.7.0 Public
94qF3s
http://www.rtmmodz.a2hosted.com/
BN[dbdb82ae7c8fe0]
antivm: false
elevate_uac: false
install_name: WindowsUpdate.exe
splitter: |BN|
start_name: e162b1333458a713bc6916cc8ac4110c
startup: false
usb_spread: false
Signatures
BlackNET Payload (1 IoCs)
Processes:
resource: sample, yara_rule: family_blacknet
Blacknet family
Contains code to disable Windows Defender (1 IoCs)
A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
Processes:
resource: sample, yara_rule: disable_win_def
Files
c3cad420d5e8e63d11b2b00d198db8cdf12018ab7080f870b21e29f89a897868.exe.exe windows x86