General

  • Target

    c77e5db3244e658843f06ae2e61ad95f.exe

  • Size

    133KB

  • MD5

    c77e5db3244e658843f06ae2e61ad95f

  • SHA1

    5bcf4c83cd1218db713c1be89369e368c6c0f115

  • SHA256

    97ac2f7c9ff8e79aa217a8bac22bc9575cecb39bc87bcd753d428c56ea4899c9

  • SHA512

    0d62eaaf493e840d4fe0c96cde1d8d1c76377789c1e99817426e39d16573a4a8de722d3c337a100e2a3c74bea7f1d89e5e494b0587b4c6114eb33b8b0c31d339

  • SSDEEP

    3072:BI7KpEaKA2L22xYWVVz8pWzWpBZ7ubozFyTO1wbCl9fGJu:u7kKAhI8pWzWpB0boQMZGJ

Score
10/10

Malware Config

Extracted

Family

blacknet

Botnet

ec

C2

NriE0EakUiK+22Ai4N6Othh0De1s55kV0+sFoXChkQhcVCI2dUu3XGlBV5pu/x/cmJ/BByQIf9PqFghM2sWKP07Iz1Om2nFj+5Ad12ZaY4I9PtWNNix+MC57LiawhMvDUqvUZ0D9AMzT8Ml3Nn9NF/VG4jr2jwHli/295QeYGFGuN7RO/IqZPFblPfaRqq3BNeE7xgdHFMHJVcwvHA4s0oso3I6avTLaxL57NqpSPVJhEZ1yPk4qQWERPXxXoS+1Wp4lQUuVgRpkdjgjhF3IjONn1RIO+3lwJvDoUCLTzG1IxQGrYB+xHSLQ6jCzByfdvDqCc0Jpf0uylVa3q6zmPQ==

Mutex

BN[UfwxTUeC-7463479]

Attributes
  • antivm

    false

  • elevate_uac

    true

  • install_name

    WindowsUpdate.exe

  • splitter

    |BN|

  • start_name

    cde2f914e4cce7f13b2c1cec7b6da970

  • startup

    false

  • usb_spread

    true

Signatures

  • BlackNET payload 1 IoCs
  • Blacknet family
  • Contains code to disable Windows Defender 1 IoCs

    A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

Files

  • c77e5db3244e658843f06ae2e61ad95f.exe
    .exe windows x86

    f34d5f2d4577ed6d9ceec516c1f5a744

