Overview

overview

10

Static

static

10

c105e8c328...10.exe

windows7-x64

10

c105e8c328...10.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    122fadb5b266bfe5525a7b450e4c778f.bin

  • Size

    30KB

  • MD5

    d50c81af93dc24342375c98c224ae443

  • SHA1

    95dd87845add010be302ce3ed1c98d3d9f840f48

  • SHA256

    66bcd477b81b41b5a61555031d67212cdaba48d3b6bb559991c58c63de261153

  • SHA512

    b35d7a2082369296e647b58e7876126e613c37f524972afda01740c4f27c67d6dfdb14b2fc5b7e4d15dfcb1bd648ed88eaa1338b35e7d8ddd9c16e42907a4377

  • SSDEEP

    768:Y55MS981BB/cA1WQ0klAmpAnG4UcD32jyaa6JGbwPqOWqJ:YXsL///7pv4Uemeaa6gbwJf

Score
10/10
asfdgsblacknet

Malware Config

Extracted

Family

blacknet

Botnet

asfdgs

C2

http://google.com/pane

Mutex

dfgBN[iCvlRabZ-7434932]

Attributes
  • antivm

    false

  • elevate_uac

    false

  • install_name

    WindowsUpdate.exe

  • splitter

    |BN|

  • start_name

    35dcbc7eb742dd4f1edfbccf7826c724

  • startup

    false

  • usb_spread

    true

Signatures

  • BlackNET payload 1 IoCs
  • Blacknet family
    blacknet
  • Contains code to disable Windows Defender 1 IoCs

    A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 122fadb5b266bfe5525a7b450e4c778f.bin
    .zip

    Password: infected

  • c105e8c3286a2589c4bbdaefbd266cd45be414d08854e48b4aa43104cc48c510.exe
    .exe windows x86

    Password: infected

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections