General

  • Target

    2016-59-0x0000000000400000-0x000000000041C000-memory.dmp

  • Size

    112KB

  • MD5

    bde05bfeecc5751b149f04b8b5d64e3d

  • SHA1

    264655891286b16f0a3932f72c7855f4475a9e6f

  • SHA256

    8fdfb8333a49a168b0c3d39f55f544346d20b908089d9db31b91c1b5e80ad573

  • SHA512

    c36a0375b13efb38846522a641f51fb59c225d2632151f87d90ef775a284101cde8375850a8fdbf3791c90b1c2e5f9233c4147734f3d161975383284be515ebe

  • SSDEEP

    1536:+RzYA3qNEFvynWuIiBQAh4QiObju5FBDIgMLtf:EzPynWuIiBQAeQiObjsFBDID

Score
10/10

Malware Config

Extracted

Family

blacknet

Version

v3.6.0 Public

Botnet

HacKed

C2

http://bankslip.info/dadsroots/

Mutex

BN[ZrDroiBx-5245469]

Attributes
  • antivm

    false

  • elevate_uac

    false

  • install_name

    WindowsUpdate.exe

  • splitter

    |BN|

  • start_name

    a5b002eacf54590ec8401ff6d3f920ee

  • startup

    false

  • usb_spread

    false

Signatures

  • BlackNET payload (1 IoC)
  • Blacknet family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 2016-59-0x0000000000400000-0x000000000041C000-memory.dmp
    .exe windows x86

