General
-
Target
f80bf7bdeca461e9901eb8ab4143ea128d5557821c5f7e5b00ef921bda24c015
-
Size
99KB
-
Sample
220828-gpe8eaedd7
-
MD5
b15b8d5c4bdc9694e7c8fbfba9f2d7cf
-
SHA1
6d6cd9b33d691c709eef1bce227a2966af32b050
-
SHA256
f80bf7bdeca461e9901eb8ab4143ea128d5557821c5f7e5b00ef921bda24c015
-
SHA512
28f3ce0b26b023116b24c9d8399fed056ccfae2c35b4e65a8adddf0804c8339d04809b9c3b2d94e55be0670e27920c73ffd68658cb16d3a172aef0c3179b6af0
-
SSDEEP
3072:/2j++WQQj8vTYB+eztx3be/EKyeIFnai:OCKFrYB+eztlboD
Malware Config
Extracted
blacknet
v3.7.0 Public
uzVHE6
http://fakirlerclub.xyz/blacknet
BN[fdc98aef8b987490ccd4d376d67d69a7]
-
antivm
false
-
elevate_uac
false
-
install_name
WindowsUpdate.exe
-
splitter
|BN|
-
start_name
e162b1333458a713bc6916cc8ac4110c
-
startup
false
-
usb_spread
false
Targets
-
-
Target
f80bf7bdeca461e9901eb8ab4143ea128d5557821c5f7e5b00ef921bda24c015
-
BlackNET payload
-
Contains code to disable Windows Defender
A .NET executable tasked with disabling Windows Defender capabilities such as real-time monitoring, block at first sight, etc.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-