Extracted

• • Target

    4fbba14a292b8827b2034f8a3b22ad408248e64585876cd93d7eb9e4bf96735c

  • Size

    316KB

  • MD5

    638681d2a3ca3ab15791adf63e068f5c

  • SHA1

    8d9be64a501184e14eeeb3bd1b1f2bc6d7ab7c53

  • SHA256

    4fbba14a292b8827b2034f8a3b22ad408248e64585876cd93d7eb9e4bf96735c

  • SHA512

    f407a7e234e7ee7fc7a756335420f2b6056838c6a8734ba7daf98f31abde19d36b41c6f28e3d3e5e49e857d539f0cf14fb8ae8b5f915208fc4fbe551d31ad555

  Score

  10^/10

  blacknetsecondpersistencetrojansuricata

  • BlackNET

    BlackNET is an open source remote access tool written in VB.NET.

    trojanblacknet

  • BlackNET Payload

  • Contains code to disable Windows Defender

    A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

  • suricata: ET MALWARE Win32/BlackNET CnC Keep-Alive

    suricata: ET MALWARE Win32/BlackNET CnC Keep-Alive

    suricata

  • Executes dropped EXE

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Adds Run key to start application

    persistence
  behavioral1behavioral2