General

Target: d78f6a0f8ce350f9ce330c31a6c0e26e11b166cfd9315a3f49a409d8ca54b330
Size: 135KB
Sample: 220307-qb6ymshfcl
MD5: c740a87df97df23491f66ec3496ccc01
SHA1: 002cd30c235be15f3d71885677900e7560acaec2
SHA256: d78f6a0f8ce350f9ce330c31a6c0e26e11b166cfd9315a3f49a409d8ca54b330
SHA512: 2fc2e41fc59e5c8faff5d59a54d45e9ce5545e8e8e6e35d72d29cf44a60b09dcc731aeed10a6ef0199a4d839c57a12c23489591d33735671be04fa5c796fc46b
Static task: static1

Behavioral task: behavioral1
Sample: d78f6a0f8ce350f9ce330c31a6c0e26e11b166cfd9315a3f49a409d8ca54b330.exe
Resource: win7-20220223-en

Behavioral task: behavioral2
Sample: d78f6a0f8ce350f9ce330c31a6c0e26e11b166cfd9315a3f49a409d8ca54b330.exe
Resource: win10v2004-en-20220113
Malware Config

Extracted
https://www.minpic.de/k/b7mx/17dz0k/

Extracted
blacknet
v3.6.0 Public
Bot
https://furyx.de/panel
BN[rYrxGuaj-8783562]
antivm: false
elevate_uac: true
install_name: WindowsUpdate.exe
splitter: |BN|
start_name: a5b002eacf54590ec8401ff6d3f920ee
startup: false
usb_spread: true

Extracted
asyncrat
0.5.7B
Default
dontreachme3.ddns.net:3601
dontreachme1.ddns.net:3601
AsyncMutex_6SI8OkPnk
anti_vm: false
bsod: true
delay: 3
install: true
install_file: WindowsSecurityTaskfender.exe
install_folder: %AppData%
pastebin_config: null
Targets

Target: d78f6a0f8ce350f9ce330c31a6c0e26e11b166cfd9315a3f49a409d8ca54b330
Size: 135KB
MD5: c740a87df97df23491f66ec3496ccc01
SHA1: 002cd30c235be15f3d71885677900e7560acaec2
SHA256: d78f6a0f8ce350f9ce330c31a6c0e26e11b166cfd9315a3f49a409d8ca54b330
SHA512: 2fc2e41fc59e5c8faff5d59a54d45e9ce5545e8e8e6e35d72d29cf44a60b09dcc731aeed10a6ef0199a4d839c57a12c23489591d33735671be04fa5c796fc46b

BlackNET Payload
suricata: ET MALWARE Win32/BlackNET CnC Keep-Alive
Async RAT payload
Blocklisted process makes network request
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Suspicious use of SetThreadContext