Behavioral task
behavioral1
Sample
2016-59-0x0000000000400000-0x000000000041C000-memory.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
2016-59-0x0000000000400000-0x000000000041C000-memory.exe
Resource
win10v2004-20230220-en
General
-
Target
2016-59-0x0000000000400000-0x000000000041C000-memory.dmp
-
Size
112KB
-
MD5
bde05bfeecc5751b149f04b8b5d64e3d
-
SHA1
264655891286b16f0a3932f72c7855f4475a9e6f
-
SHA256
8fdfb8333a49a168b0c3d39f55f544346d20b908089d9db31b91c1b5e80ad573
-
SHA512
c36a0375b13efb38846522a641f51fb59c225d2632151f87d90ef775a284101cde8375850a8fdbf3791c90b1c2e5f9233c4147734f3d161975383284be515ebe
-
SSDEEP
1536:+RzYA3qNEFvynWuIiBQAh4QiObju5FBDIgMLtf:EzPynWuIiBQAeQiObjsFBDID
Malware Config
Extracted
blacknet
v3.6.0 Public
HacKed
http://bankslip.info/dadsroots/
BN[ZrDroiBx-5245469]
-
antivm
false
-
elevate_uac
false
-
install_name
WindowsUpdate.exe
-
splitter
|BN|
-
start_name
a5b002eacf54590ec8401ff6d3f920ee
-
startup
false
-
usb_spread
false
Signatures
-
BlackNET payload 1 IoCs
resource yara_rule sample family_blacknet -
Blacknet family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2016-59-0x0000000000400000-0x000000000041C000-memory.dmp
Files
-
2016-59-0x0000000000400000-0x000000000041C000-memory.dmp.exe windows x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 73KB - Virtual size: 73KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 13KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ