blacknet | c77e5db3244e658843f06ae2e61ad95f[.]exe

General

Target

c77e5db3244e658843f06ae2e61ad95f.exe
Size

133KB
MD5

c77e5db3244e658843f06ae2e61ad95f
SHA1

5bcf4c83cd1218db713c1be89369e368c6c0f115
SHA256

97ac2f7c9ff8e79aa217a8bac22bc9575cecb39bc87bcd753d428c56ea4899c9
SHA512

0d62eaaf493e840d4fe0c96cde1d8d1c76377789c1e99817426e39d16573a4a8de722d3c337a100e2a3c74bea7f1d89e5e494b0587b4c6114eb33b8b0c31d339
SSDEEP

3072:BI7KpEaKA2L22xYWVVz8pWzWpBZ7ubozFyTO1wbCl9fGJu:u7kKAhI8pWzWpB0boQMZGJ

Score

10^/10

ec blacknet

Malware Config

Extracted

Family

blacknet

Botnet

ec

C2

NriE0EakUiK+22Ai4N6Othh0De1s55kV0+sFoXChkQhcVCI2dUu3XGlBV5pu/x/cmJ/BByQIf9PqFghM2sWKP07Iz1Om2nFj+5Ad12ZaY4I9PtWNNix+MC57LiawhMvDUqvUZ0D9AMzT8Ml3Nn9NF/VG4jr2jwHli/295QeYGFGuN7RO/IqZPFblPfaRqq3BNeE7xgdHFMHJVcwvHA4s0oso3I6avTLaxL57NqpSPVJhEZ1yPk4qQWERPXxXoS+1Wp4lQUuVgRpkdjgjhF3IjONn1RIO+3lwJvDoUCLTzG1IxQGrYB+xHSLQ6jCzByfdvDqCc0Jpf0uylVa3q6zmPQ==

Mutex

BN[UfwxTUeC-7463479]

Attributes

antivm
false
elevate_uac
true
install_name
WindowsUpdate.exe
splitter
|BN|
start_name
cde2f914e4cce7f13b2c1cec7b6da970
startup
false
usb_spread
true

Signatures

BlackNET payload 1 IoCs

Processes:

resource yara_rule

sample family_blacknet
Blacknet family
blacknet
Contains code to disable Windows Defender 1 IoCs
A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

Processes:

resource yara_rule

sample disable_win_def

resource	yara_rule
sample	family_blacknet

resource	yara_rule
sample	disable_win_def

Files

c77e5db3244e658843f06ae2e61ad95f.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 119KB - Virtual size: 119KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 119KB - Virtual size: 119KB

.rsrc Size: 13KB - Virtual size: 12KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 119KB - Virtual size: 119KB

.rsrc
Size: 13KB - Virtual size: 12KB

.reloc
Size: 512B - Virtual size: 12B