General
Target: 0cfd96c0bef9061e95adbc2f00f6e0bd39c1103ca4761c9af850528d28455b44
Size: 356KB
Sample: 221116-hl165she68
MD5: 354d20e21be15dd24eb8a9b2b18a8407
SHA1: f3c9182f5a8a45ee8f9cbcf2e4584c38ff670533
SHA256: 0cfd96c0bef9061e95adbc2f00f6e0bd39c1103ca4761c9af850528d28455b44
SHA512: 7bcfd0d2bca8a7bc3f0836c012438125cabdac11e7978f3d8a55ace928fe98ceac8ddf7cab146847ad9c9299c9231711df5b52cb0e429bcb5f519fae7353edb5
SSDEEP: 6144:XBlALeoB8aMc2d4XPRSdUGACTse5kjVPqpc2NgqDIZYm8dDb1tqisSc85AjPdA4/:XkqGofP/HRLRoveIP95TDKkg30XS
Static task: static1
Behavioral task: behavioral1
Sample: 0cfd96c0bef9061e95adbc2f00f6e0bd39c1103ca4761c9af850528d28455b44.exe
Resource: win10v2004-20221111-en
Malware Config
Extracted: blacknet
v3.7.0 Public
Round3
http://zee.zight.ru
BN[d396d077ee81b07d64cc8bbff27bbccb]
antivm: true
elevate_uac: false
install_name: GPUpdate.exe
splitter: |BN|
start_name: e162b1333458a713bc6916cc8ac4110c
startup: false
usb_spread: false
Targets
Score: 10/10
- BlackNET payload
- Contains code to disable Windows Defender: a .NET executable tasked with disabling Windows Defender capabilities such as real-time monitoring, blocking at first seen, etc.
- Adds Run key to start application
- Suspicious use of SetThreadContext