Static task: static1
URLScan task: urlscan1

Malware Config (Extracted)
Family: blacknet
Version: v3.7.0 Public
Botnet: [ID]
C2: [HOST]
Mutex: [MUTEX]
Attributes:
- antivm: false
- elevate_uac: false
- install_name: [Install_Name]
- splitter: [Splitter]
- start_name: [StartupName]
- startup: false
- usb_spread: false
aes.plain:
Targets
- BlackNET payload
- Contains code to disable Windows Defender
  A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
- Downloads MZ/PE file
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger