General
-
Target
b30eebf734354f55373978e395c912393f3c674aaa4717748ae449b09832f6ae.exe
-
Size
117KB
-
Sample
210801-tdvy71svp6
-
MD5
b72d429d1d690165c7b0de4a074c4a58
-
SHA1
f0704d227482a80f2f90dab79ed4acd9770fe565
-
SHA256
b30eebf734354f55373978e395c912393f3c674aaa4717748ae449b09832f6ae
-
SHA512
f3b565e67d5a15d5305982701bd5f0d37eec0bfe2d152556584fa1d01faf1def6e616d0addea91e0663be084450b49f99e2108cc06a9b50c9e1482f9290b6c5c
Malware Config
Extracted
blacknet
v3.7.0 Public
Bot
http://furyx.de/panel
BN[c1916af6f3a468e5b6f5c7f6b9c78982]
-
antivm
false
-
elevate_uac
false
-
install_name
WindowsUpdate.exe
-
splitter
|BN|
-
start_name
e162b1333458a713bc6916cc8ac4110c
-
startup
false
-
usb_spread
true
Targets
-
-
Target
b30eebf734354f55373978e395c912393f3c674aaa4717748ae449b09832f6ae.exe
-
Size
117KB
-
MD5
b72d429d1d690165c7b0de4a074c4a58
-
SHA1
f0704d227482a80f2f90dab79ed4acd9770fe565
-
SHA256
b30eebf734354f55373978e395c912393f3c674aaa4717748ae449b09832f6ae
-
SHA512
f3b565e67d5a15d5305982701bd5f0d37eec0bfe2d152556584fa1d01faf1def6e616d0addea91e0663be084450b49f99e2108cc06a9b50c9e1482f9290b6c5c
Score10/10-
BlackNET
BlackNET is an open source remote access tool written in VB.NET.
-
BlackNET Payload
-
Contains code to disable Windows Defender
A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
-
Modifies Windows Defender Real-time Protection settings
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-