General

  • Target

    HEUR-Trojan.Win32.Generic-bf0dae2bf317f6fd26f.exe

  • Size

    206KB

  • MD5

    3917f35aed62a03adffbe0f22ff0d446

  • SHA1

    7e2b3ffff8220e0b2b603e97343bfafcc7ea1079

  • SHA256

    bf0dae2bf317f6fd26f8815792aa685671842fa9393cef61c394b37ff552595d

  • SHA512

    3918e1f4b67f0195cff25a1326431ddf04ee173b50553e6ee4a0072879402388e16c5fcd6d9f2e6117e3b09b90496808776ba1fed5b92c6e69ab808949081911

  • SSDEEP

    3072:OxkNWNo7HCdkVTYB+eztx3be/EKyNFna4FwX5F:sePHd5YB+eztlboZ8wX5

Score
10/10

Malware Config

Extracted

  • Family

    blacknet

  • Version

    v3.7.0 Public

  • Botnet

    PRUEBA

  • C2

    http://74.208.16.112/net

  • Mutex

    BN[]

Attributes
  • antivm

    false

  • elevate_uac

    false

  • install_name

    WindowsUpdate.exe

  • splitter

    |BN|

  • start_name

    e162b1333458a713bc6916cc8ac4110c

  • startup

    false

  • usb_spread

    false

Signatures

  • BlackNET payload 1 IoCs
  • Blacknet family
  • Contains code to disable Windows Defender 1 IoCs

    A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
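As an added example (not part of this sandbox report, and not BlackNET's or the sandbox's own code), the Python below turns the extracted config above and the Windows Defender signature into checks that can be run over host telemetry. It is grounded only in what the report shows: the hashes (both MD5 values the page lists), the C2 URL, the install name, the splitter and the mutex. Everything else is an assumption and is marked as such in the code: the event schema and sample events are constructed, the mutex brackets are treated as a slot for a per-host value, and the Set-MpPreference switches are the real Defender cmdlet parameters for the features the signature names rather than switches recovered from this sample.

```python
"""Host/telemetry checks derived from the BlackNET report above (added example)."""
import re
from dataclasses import dataclass

# Indicators copied from the report. Both MD5 values the page lists are kept.
REPORT_HASHES = {
    "md5": {"3917f35aed62a03adffbe0f22ff0d446", "f34d5f2d4577ed6d9ceec516c1f5a744"},
    "sha1": {"7e2b3ffff8220e0b2b603e97343bfafcc7ea1079"},
    "sha256": {"bf0dae2bf317f6fd26f8815792aa685671842fa9393cef61c394b37ff552595d"},
}
C2_URL = "http://74.208.16.112/net"   # config "C2"
INSTALL_NAME = "WindowsUpdate.exe"    # config "install_name"
SPLITTER = "|BN|"                     # config "splitter"
# The report prints the mutex as "BN[]". Assumption: the brackets hold a
# per-host value at runtime, so any "BN[...]" is treated as a match.
MUTEX_RE = re.compile(r"^BN\[[^\]]*\]$")

# Set-MpPreference switches for the Defender features the signature names
# (real-time monitoring, block-at-first-seen) plus neighbouring ones an analyst
# would watch. These are genuine Defender cmdlet parameters; which of them this
# sample actually flips is not stated on the page (assumption).
DEFENDER_TAMPER_RE = re.compile(
    r"Set-MpPreference\b.*?-(DisableRealtimeMonitoring|DisableBlockAtFirstSeen"
    r"|DisableIOAVProtection|DisableBehaviorMonitoring|DisableScriptScanning"
    r"|MAPSReporting|SubmitSamplesConsent)\b",
    re.IGNORECASE,
)


@dataclass
class Event:
    """One telemetry record (constructed schema, not a real EDR format)."""
    kind: str           # "process", "file", "mutex" or "network"
    value: str          # command line, path, mutex name, URL or request body
    sha256: str = ""    # file hash when the source provides one


def check_event(ev: Event) -> list[str]:
    """Return the labels this event matches, empty if nothing from the report fits."""
    hits = []
    if ev.kind == "process" and DEFENDER_TAMPER_RE.search(ev.value):
        hits.append("defender-tamper")
    if ev.kind == "file" and ev.value.lower().endswith("\\" + INSTALL_NAME.lower()):
        # Weak on its own: the name is chosen to look legitimate. Pair it with
        # the hash or another label before acting on it.
        hits.append("install-name")
    if ev.kind == "mutex" and MUTEX_RE.match(ev.value):
        hits.append("blacknet-mutex")
    if ev.kind == "network":
        if ev.value.lower().startswith(C2_URL.lower()):
            hits.append("c2")
        if SPLITTER in ev.value:
            hits.append("blacknet-splitter")
    if ev.sha256.lower() in REPORT_HASHES["sha256"]:
        hits.append("known-hash")
    return hits


def summarize(events: list[Event]) -> dict[str, int]:
    """Count how often each label fires across a batch of events."""
    counts: dict[str, int] = {}
    for ev in events:
        for label in check_event(ev):
            counts[label] = counts.get(label, 0) + 1
    return counts


# Constructed sample telemetry; the paths, host id and URL tail are filler.
SAMPLE_EVENTS = [
    Event("process", 'powershell.exe -Command "Set-MpPreference -DisableRealtimeMonitoring $true"'),
    Event("process", 'powershell.exe -Command "Set-MpPreference -DisableBlockAtFirstSeen $true"'),
    Event("process", 'powershell.exe -Command "Get-MpPreference"'),
    Event("file", r"C:\Users\victim\AppData\Roaming\WindowsUpdate.exe"),
    Event("file", r"C:\Windows\System32\svchost.exe"),
    Event("file", r"C:\Users\victim\Downloads\HEUR-Trojan.Win32.Generic-bf0dae2bf317f6fd26f.exe",
          sha256="bf0dae2bf317f6fd26f8815792aa685671842fa9393cef61c394b37ff552595d"),
    Event("mutex", "BN[7c2f5d9e]"),
    Event("mutex", "Global\\MyAppMutex"),
    Event("network", "http://74.208.16.112/net/x"),
    # Illustrative body shape only: fields joined by the configured splitter.
    Event("network", "7c2f5d9e|BN|PRUEBA|BN|v3.7.0 Public"),
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(f"{ev.kind:8} {check_event(ev) or '-'}  {ev.value}")
    print(summarize(SAMPLE_EVENTS))
```

The hash and C2 checks are the only ones that are specific to this sample; the install name and the Defender switches will also fire on unrelated activity, so treat those labels as pivots for further review rather than as verdicts.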

Files

  • HEUR-Trojan.Win32.Generic-bf0dae2bf317f6fd26f.exe
    .exe windows x86

    f34d5f2d4577ed6d9ceec516c1f5a744