General

Target: 0213f005cf32cff9224d571e17b464ffcb2da574d25969d302fb26d8ff90afdf
Size: 1.2MB
Sample: 220502-wppt6scdh2
MD5: 3f764a1fd47d9b5e8b63300cc9aa1983
SHA1: 9760a40a721ac70181e20d587bdd5d60372f7196
SHA256: 0213f005cf32cff9224d571e17b464ffcb2da574d25969d302fb26d8ff90afdf
SHA512: 1fcaf9a7fd7bb868cae03593bcc23ab1b45f195a36d7da160f923b050f557cb9111a51fbf1ff01f1bffa943280ecd9f24f71f6cc6b446d6e2d2ebcd671626d7c
Static task: static1
Behavioral task: behavioral1
Sample: 0213f005cf32cff9224d571e17b464ffcb2da574d25969d302fb26d8ff90afdf.exe
Resource: win7-20220414-en
Malware Config

Extracted:
blacknet
v3.7.0 Public
Roma
https://otkidnye-ramki.ru/bt
BN[656c88c0a6e7d9e3ea66eb83bcb2888b]

antivm: false
elevate_uac: false
install_name: WindowsUpdate.exe
splitter: |BN|
start_name: e162b1333458a713bc6916cc8ac4110c
startup: false
usb_spread: false
Targets

Target: 0213f005cf32cff9224d571e17b464ffcb2da574d25969d302fb26d8ff90afdf
Size: 1.2MB
MD5: 3f764a1fd47d9b5e8b63300cc9aa1983
SHA1: 9760a40a721ac70181e20d587bdd5d60372f7196
SHA256: 0213f005cf32cff9224d571e17b464ffcb2da574d25969d302fb26d8ff90afdf
SHA512: 1fcaf9a7fd7bb868cae03593bcc23ab1b45f195a36d7da160f923b050f557cb9111a51fbf1ff01f1bffa943280ecd9f24f71f6cc6b446d6e2d2ebcd671626d7c
- BlackNET Payload
- Contains code to disable Windows Defender
  A .NET executable tasked with disabling Windows Defender capabilities such as real-time monitoring, blocking at first seen, etc.
- suricata: ET MALWARE Win32/BlackNET CnC Keep-Alive
- Executes dropped EXE
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Loads dropped DLL