General

  • Target

    7596016134.zip

  • Size

    139KB

  • MD5

    70d4cc08bad190536691dc979d825b75

  • SHA1

    5fa869a61b828caa924dc63c6ec68831f3d809c4

  • SHA256

    86f5d60117c8881242d3e23e6f966306dc32265f8f1ba8a7ccd6c146bea3cf24

  • SHA512

    77798f0f963249689cbfd3b16a8d7f251466ac095473c96eda6d34e618c700993c943a4441be0a9e57d2096f9e4b7b5e9ff53a5bfcf0bba5f0d86b4efc7d2683

  • SSDEEP

    3072:g37U570y7uzXOmERQFgu0Df3soUAKVFrobkcM:g345kR+f+VB

Score
10/10

Malware Config

Extracted

Family

blacknet

Version

v3.7.0 Public

Botnet

Second

C2

https://mailquickdiate.com

Mutex

BN[e9ebec8bb16ee9a3]

Attributes
  • antivm

    false

  • elevate_uac

    false

  • install_name

    WindowsUpdate.exe

  • splitter

    |BN|

  • start_name

    e162b1333458a713bc6916cc8ac4110c

  • startup

    true

  • usb_spread

    false

aes.plain

Signatures

  • BlackNET Payload 1 IoCs
  • Blacknet family
  • Contains code to disable Windows Defender 1 IoCs

    A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

Files

  • 7596016134.zip
    .zip

    Password: infected

  • 4fbba14a292b8827b2034f8a3b22ad408248e64585876cd93d7eb9e4bf96735c
    .exe windows x86

    f34d5f2d4577ed6d9ceec516c1f5a744