Behavioral task: behavioral1
Sample: b30eebf734354f55373978e395c912393f3c674aaa4717748ae449b09832f6ae.exe
Resource: win7v20210408

Behavioral task: behavioral2
Sample: b30eebf734354f55373978e395c912393f3c674aaa4717748ae449b09832f6ae.exe
Resource: win10v20210410
General
Target: b30eebf734354f55373978e395c912393f3c674aaa4717748ae449b09832f6ae.exe
Size: 117KB
MD5: b72d429d1d690165c7b0de4a074c4a58
SHA1: f0704d227482a80f2f90dab79ed4acd9770fe565
SHA256: b30eebf734354f55373978e395c912393f3c674aaa4717748ae449b09832f6ae
SHA512: f3b565e67d5a15d5305982701bd5f0d37eec0bfe2d152556584fa1d01faf1def6e616d0addea91e0663be084450b49f99e2108cc06a9b50c9e1482f9290b6c5c
Malware Config
Extracted
blacknet
v3.7.0 Public
Bot
http://furyx.de/panel
BN[c1916af6f3a468e5b6f5c7f6b9c78982]
antivm: false
elevate_uac: false
install_name: WindowsUpdate.exe
splitter: |BN|
start_name: e162b1333458a713bc6916cc8ac4110c
startup: false
usb_spread: true
Signatures
BlackNET Payload 1 IoCs
Processes:
resource: sample; yara_rule: family_blacknet

Blacknet family

Contains code to disable Windows Defender 1 IoCs
A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
Processes:
resource: sample; yara_rule: disable_win_def
Files
b30eebf734354f55373978e395c912393f3c674aaa4717748ae449b09832f6ae.exe.exe windows x86