General
-
Target
6dd503b0dcfb6aceafee5e02e3df1882d33a6abce7a0127c615354f2e0b788d9
-
Size
185KB
-
Sample
221104-fxcxksbfg9
-
MD5
ce9fbdc93576a35bc2d232a48ed54366
-
SHA1
9fc9f4c0125b50572e631a8a1d51ebfd594d3335
-
SHA256
6dd503b0dcfb6aceafee5e02e3df1882d33a6abce7a0127c615354f2e0b788d9
-
SHA512
d501cde2cfcb04ae851aaa0ae7934b13a6ab64f6866cc0bfb1f9ee3c65f3fe9e48948a40c1494cfdcc00cce75398c1240dec4be7dde31cb961a4250bd8635543
-
SSDEEP
3072:y/0i3U/mrQ0cY+CwkntxUMbsYxq7qZKh6p:y/D3U+rQ0cY+t8txTs2q7q
Static task
static1
Behavioral task
behavioral1
Sample
6dd503b0dcfb6aceafee5e02e3df1882d33a6abce7a0127c615354f2e0b788d9.exe
Resource
win10v2004-20220901-en
Malware Config
Extracted
blacknet
-
antivm
false
-
elevate_uac
false
- install_name
- splitter
- start_name
-
startup
false
-
usb_spread
false
Targets
-
-
Target
6dd503b0dcfb6aceafee5e02e3df1882d33a6abce7a0127c615354f2e0b788d9
-
Score
10/10
-
BlackNET payload
-
Contains code to disable Windows Defender
A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-