General
- Target: dadsroots.exe
- Size: 391KB
- Sample: 230525-mdm2rshc87
- MD5: 964a8c4317b2449ce3b1ba42806e00ff
- SHA1: 1bc9d7cc8dff6a6d3e9c46ff1c9966521e012b38
- SHA256: 12acc28c683190195fccfea230f47491c084d01f5d5fa975ba82135e1d0c8fa7
- SHA512: 73ab80afdee2a9d753d7a30bc8da25f28310451fdc7f4f510a7d32b9d999825205604f04e665290e17cd146892635750a16e3f6f7ae45cd509de3a0996569c45
- SSDEEP: 12288:NozV+S8l6vJGRaIUyVVtERhJhY0YO60nz:Na+S3MMDJXeQz

Static task: static1
Behavioral task: behavioral1
- Sample: dadsroots.exe
- Resource: win7-20230220-en

Malware Config
Extracted
- blacknet
- v3.6.0 Public
- HacKed
- http://bankslip.info/dadsroots/
- BN[ZrDroiBx-5245469]
- antivm: false
- elevate_uac: false
- install_name: WindowsUpdate.exe
- splitter: |BN|
- start_name: a5b002eacf54590ec8401ff6d3f920ee
- startup: false
- usb_spread: false

Targets
- Target: dadsroots.exe
- Size: 391KB
- MD5: 964a8c4317b2449ce3b1ba42806e00ff
- SHA1: 1bc9d7cc8dff6a6d3e9c46ff1c9966521e012b38
- SHA256: 12acc28c683190195fccfea230f47491c084d01f5d5fa975ba82135e1d0c8fa7
- SHA512: 73ab80afdee2a9d753d7a30bc8da25f28310451fdc7f4f510a7d32b9d999825205604f04e665290e17cd146892635750a16e3f6f7ae45cd509de3a0996569c45
- SSDEEP: 12288:NozV+S8l6vJGRaIUyVVtERhJhY0YO60nz:Na+S3MMDJXeQz

- BlackNET payload
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext