General

  • Target

    173b9b105c6dcad7e04b8f06fc91526f4cd56eac0cf02a5be087c6d85a679235

  • Size

    164KB

  • Sample

    220502-c2g6bafadk

  • MD5

    1a1c281d7766b632dab81929c4d3ac46

  • SHA1

    3224744fb4c13c1a7c7b90ed7ee1f1cf657415df

  • SHA256

    173b9b105c6dcad7e04b8f06fc91526f4cd56eac0cf02a5be087c6d85a679235

  • SHA512

    8e5abfb709e554540da5f329a097a66ab89683ef953da0708e739740253e3b4a3e3aed88a9721a3b2a9e15b5e26a285ee4ec6cb7e80be59cce14d13604274a61

Score
10/10

Malware Config

Extracted

Family

blacknet

Version

v3.5.1 Public

Botnet

HacKed

C2

http://192.168.43.95

Mutex

BN[uqfzpguF-8864835]

Attributes
  • antivm

    false

  • elevate_uac

    false

  • install_name

    WindowsUpdate.exe

  • splitter

    |BN|

  • start_name

    a4f5fc179540a0b155d91b489e6811e2

  • startup

    false

  • usb_spread

    false

Targets

    • Target

      173b9b105c6dcad7e04b8f06fc91526f4cd56eac0cf02a5be087c6d85a679235

    • Size

      164KB

    • MD5

      1a1c281d7766b632dab81929c4d3ac46

    • SHA1

      3224744fb4c13c1a7c7b90ed7ee1f1cf657415df

    • SHA256

      173b9b105c6dcad7e04b8f06fc91526f4cd56eac0cf02a5be087c6d85a679235

    • SHA512

      8e5abfb709e554540da5f329a097a66ab89683ef953da0708e739740253e3b4a3e3aed88a9721a3b2a9e15b5e26a285ee4ec6cb7e80be59cce14d13604274a61

    Score
    10/10
    • BlackNET

      BlackNET is an open source remote access tool written in VB.NET.

    • BlackNET Payload

    • Contains code to disable Windows Defender

      A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks