General
Target: 173b9b105c6dcad7e04b8f06fc91526f4cd56eac0cf02a5be087c6d85a679235
Size: 164KB
Sample: 220502-c2g6bafadk
MD5: 1a1c281d7766b632dab81929c4d3ac46
SHA1: 3224744fb4c13c1a7c7b90ed7ee1f1cf657415df
SHA256: 173b9b105c6dcad7e04b8f06fc91526f4cd56eac0cf02a5be087c6d85a679235
SHA512: 8e5abfb709e554540da5f329a097a66ab89683ef953da0708e739740253e3b4a3e3aed88a9721a3b2a9e15b5e26a285ee4ec6cb7e80be59cce14d13604274a61
Static task: static1
Behavioral task: behavioral1
Sample: 173b9b105c6dcad7e04b8f06fc91526f4cd56eac0cf02a5be087c6d85a679235.exe
Resource: win7-20220414-en
Malware Config
Extracted
blacknet
v3.5.1 Public
HacKed
http://192.168.43.95
BN[uqfzpguF-8864835]
- antivm: false
- elevate_uac: false
- install_name: WindowsUpdate.exe
- splitter: |BN|
- start_name: a4f5fc179540a0b155d91b489e6811e2
- startup: false
- usb_spread: false
Targets
Target: 173b9b105c6dcad7e04b8f06fc91526f4cd56eac0cf02a5be087c6d85a679235
Size: 164KB
MD5: 1a1c281d7766b632dab81929c4d3ac46
SHA1: 3224744fb4c13c1a7c7b90ed7ee1f1cf657415df
SHA256: 173b9b105c6dcad7e04b8f06fc91526f4cd56eac0cf02a5be087c6d85a679235
SHA512: 8e5abfb709e554540da5f329a097a66ab89683ef953da0708e739740253e3b4a3e3aed88a9721a3b2a9e15b5e26a285ee4ec6cb7e80be59cce14d13604274a61
- BlackNET Payload
- Contains code to disable Windows Defender
  A .NET executable tasked with disabling Windows Defender capabilities such as real-time monitoring, blocking at first seen, etc.
- Suspicious use of SetThreadContext