General
-
Target
7596016134.zip
-
Size
139KB
-
Sample
220614-169m5abfd6
-
MD5
70d4cc08bad190536691dc979d825b75
-
SHA1
5fa869a61b828caa924dc63c6ec68831f3d809c4
-
SHA256
86f5d60117c8881242d3e23e6f966306dc32265f8f1ba8a7ccd6c146bea3cf24
-
SHA512
77798f0f963249689cbfd3b16a8d7f251466ac095473c96eda6d34e618c700993c943a4441be0a9e57d2096f9e4b7b5e9ff53a5bfcf0bba5f0d86b4efc7d2683
Malware Config
Extracted
blacknet
v3.7.0 Public
Second
https://mailquickdiate.com
BN[e9ebec8bb16ee9a3]
-
antivm
false
-
elevate_uac
false
-
install_name
WindowsUpdate.exe
-
splitter
|BN|
-
start_name
e162b1333458a713bc6916cc8ac4110c
-
startup
true
-
usb_spread
false
Targets
-
-
Target
4fbba14a292b8827b2034f8a3b22ad408248e64585876cd93d7eb9e4bf96735c
-
Size
316KB
-
MD5
638681d2a3ca3ab15791adf63e068f5c
-
SHA1
8d9be64a501184e14eeeb3bd1b1f2bc6d7ab7c53
-
SHA256
4fbba14a292b8827b2034f8a3b22ad408248e64585876cd93d7eb9e4bf96735c
-
SHA512
f407a7e234e7ee7fc7a756335420f2b6056838c6a8734ba7daf98f31abde19d36b41c6f28e3d3e5e49e857d539f0cf14fb8ae8b5f915208fc4fbe551d31ad555
Score10/10-
BlackNET
BlackNET is an open source remote access tool written in VB.NET.
-
BlackNET Payload
-
Contains code to disable Windows Defender
A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
-
suricata: ET MALWARE Win32/BlackNET CnC Keep-Alive
suricata: ET MALWARE Win32/BlackNET CnC Keep-Alive
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-