General
Target: 5de9dcc57b578bf915e553ae272269dc
Size: 684KB
Sample: 240115-yb6a4sdggk
MD5: 5de9dcc57b578bf915e553ae272269dc
SHA1: 162ef6514901b7783261eb12f68f8798dc0e8f3d
SHA256: 5b14d9674cbd536403423c9822182497469034a86ad12ced50ab02bdc9166cce
SHA512: 98f2d30c39ef4706ed95579dfccf6e6637b5643c06c41dcc0dd4f61f6628f1d9691684b92699045b80486313fbb9d076e734419d83e31a036c36a1e30cd7dff5
SSDEEP: 6144:XkKRDBCU++To9SLXGvRitOcpuAtk42a85SZvmSj/IHhiohh0RZHy4Y4uGtBzcVT:PgSLGI4AgJ5SZ9QHhhCXqGPz
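To confirm that a file you are holding is the sample this report describes, the following added Python (written for this page, not part of the sandbox report) recomputes the four digests from the General block and compares them against the values above. The file path is a placeholder you supply; the in-memory helper exists so the comparison can be exercised on constructed bytes. It also splits the SSDEEP signature into the block size and two chunk hashes that format always carries.

```python
"""Verify that a local file matches the digests reported above.

Added example, not part of the original report: REPORTED and REPORTED_SSDEEP
are copied from the General section; the file path is a placeholder.
"""
import hashlib
from pathlib import Path

# Digests copied from the report's General section.
REPORTED = {
    "md5": "5de9dcc57b578bf915e553ae272269dc",
    "sha1": "162ef6514901b7783261eb12f68f8798dc0e8f3d",
    "sha256": "5b14d9674cbd536403423c9822182497469034a86ad12ced50ab02bdc9166cce",
    "sha512": "98f2d30c39ef4706ed95579dfccf6e6637b5643c06c41dcc0dd4f61f6628f1d9"
              "691684b92699045b80486313fbb9d076e734419d83e31a036c36a1e30cd7dff5",
}
REPORTED_SSDEEP = ("6144:XkKRDBCU++To9SLXGvRitOcpuAtk42a85SZvmSj/IHhiohh0RZHy4Y4uGtBzcVT"
                   ":PgSLGI4AgJ5SZ9QHhhCXqGPz")


def digest_bytes(data: bytes) -> dict:
    """Return md5/sha1/sha256/sha512 hex digests of an in-memory blob."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORTED}


def digest_file(path, chunk_size: int = 1 << 20) -> dict:
    """Hash a file in chunks so large samples are never loaded whole."""
    hashers = {name: hashlib.new(name) for name in REPORTED}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def compare(actual: dict, expected: dict = REPORTED) -> list:
    """Return the algorithms whose digest does NOT match the report (case-insensitive)."""
    return [name for name in expected
            if actual.get(name, "").lower() != expected[name].lower()]


def parse_ssdeep(sig: str) -> tuple:
    """Split an ssdeep signature into (block_size, chunk_hash, double_chunk_hash)."""
    block, chunk, double = sig.split(":", 2)
    return int(block), chunk, double


if __name__ == "__main__":
    import sys
    # Placeholder path: pass the real sample as the first argument.
    target = Path(sys.argv[1]) if len(sys.argv) > 1 else Path("sample.bin")
    if not target.is_file():
        sys.exit(f"no such file: {target}")
    mismatches = compare(digest_file(target))
    print("MATCH" if not mismatches else "MISMATCH on " + ", ".join(mismatches))
    print("ssdeep block size:", parse_ssdeep(REPORTED_SSDEEP)[0])
```

A mismatch on every algorithm usually means you have a different file (a repacked or re-signed copy, or the dropped WindowsUpdate.exe rather than the original dropper); a mismatch on only one algorithm means a transcription error in whichever list you copied from.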
Static task: static1
Behavioral task: behavioral1
Sample: 5de9dcc57b578bf915e553ae272269dc.exe
Resource: win7-20231215-en
Malware Config
Extracted
Family: blacknet
Version: v3.7.0 Public
Campaign/botnet ID: D7tJ7v
C2: http://officialcomerce1.xyz/lee
Mutex: BN[f9a1b17a]
antivm: false
elevate_uac: false
install_name: WindowsUpdate.exe
splitter: |BN|
start_name: e162b1333458a713bc6916cc8ac4110c
startup: false
usb_spread: false
Targets
Target: 5de9dcc57b578bf915e553ae272269dc (684KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
- BlackNET payload
- Contains code to disable Windows Defender: a .NET executable that disables Windows Defender capabilities such as real-time monitoring and block-at-first-seen.
- Looks for VirtualBox Guest Additions in registry
- Looks for VMWare Tools registry key
- Checks BIOS information in registry: BIOS information is often read in order to detect sandbox environments.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Maps connected drives based on registry: disk information is often read in order to detect sandbox environments.
- Suspicious use of SetThreadContext: rewriting another thread's context is a common way of handing control to injected or hollowed-process code, so pair this with the process-creation events from the run.
Note that the extracted config has antivm set to false while the VirtualBox, VMware Tools and BIOS registry checks still fired: treat the signatures as observed behaviour and the config flag as what the builder wrote, not as proof the checks are inert.
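The signatures above are what the sandbox's own rules matched. The following added Python (written for this page, not the sandbox vendor's rule set) shows the same classification as detection logic run over an API/registry trace. The trace format and SAMPLE_TRACE are constructed, and the registry paths are the well-known locations each check is associated with rather than paths the report quotes. The Defender rule is a behavioural stand-in for the report's static "contains code to" signature: it fires only on a write to the policy values, since merely reading them is normal.

```python
"""Classify sandbox trace lines into the signature names listed above.

Added example, not part of the original report. The trace format (one
"<api><TAB><argument>" per line) and SAMPLE_TRACE are constructed; the
registry paths are well-known locations associated with each check and are
not quoted by the report itself.
"""
import re

# (signature name as the report spells it, pattern over "api<TAB>argument")
RULES = [
    ("Looks for VirtualBox Guest Additions in registry",
     re.compile(r"^Reg\w+\t.*\\Oracle\\VirtualBox Guest Additions", re.I)),
    ("Looks for VMWare Tools registry key",
     re.compile(r"^Reg\w+\t.*\\VMware, Inc\.\\VMware Tools", re.I)),
    ("Checks BIOS information in registry",
     re.compile(r"^Reg\w+\t.*\\HARDWARE\\DESCRIPTION\\System\\BIOS", re.I)),
    ("Checks computer location settings",
     re.compile(r"^Reg\w+\t.*\\Control Panel\\International\\Geo\\Nation", re.I)),
    ("Maps connected drives based on registry",
     re.compile(r"^Reg\w+\t.*\\Services\\Disk\\Enum", re.I)),
    # Only a *write* to the Defender policy values counts; reading them is benign.
    ("Contains code to disable Windows Defender",
     re.compile(r"^RegSetValue\w*\t.*\\Windows Defender\\.*"
                r"Disable(RealtimeMonitoring|BlockAtFirstSeen)", re.I)),
    # kernel32 SetThreadContext or the ntdll NtSetContextThread/ZwSetContextThread it wraps.
    ("Suspicious use of SetThreadContext",
     re.compile(r"^(SetThreadContext|(Nt|Zw)SetContextThread)\t", re.I)),
]


def classify(lines):
    """Return {signature: [trace lines that triggered it]} for every rule that fired."""
    hits = {}
    for raw in lines:
        line = raw.rstrip("\r\n")
        if not line or line.startswith("#"):
            continue
        for name, pattern in RULES:
            if pattern.search(line):
                hits.setdefault(name, []).append(line)
    return hits


def fired(lines):
    """Just the signature names, in the order RULES lists them."""
    hits = classify(lines)
    return [name for name, _ in RULES if name in hits]


# Constructed trace in the format described above; not output from the sandbox run.
SAMPLE_TRACE = """\
# api<TAB>argument
RegOpenKeyExW\tHKLM\\SOFTWARE\\Oracle\\VirtualBox Guest Additions
RegOpenKeyExW\tHKLM\\SOFTWARE\\VMware, Inc.\\VMware Tools
RegQueryValueExW\tHKLM\\HARDWARE\\DESCRIPTION\\System\\BIOS\\SystemManufacturer
RegQueryValueExW\tHKCU\\Control Panel\\International\\Geo\\Nation
RegEnumValueW\tHKLM\\SYSTEM\\CurrentControlSet\\Services\\Disk\\Enum
RegQueryValueExW\tHKLM\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection\\DisableRealtimeMonitoring
RegSetValueExW\tHKLM\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection\\DisableRealtimeMonitoring
NtSetContextThread\thThread=0x1a4
CreateFileW\tC:\\Windows\\System32\\kernel32.dll
"""

if __name__ == "__main__":
    for name, matched in classify(SAMPLE_TRACE.splitlines()).items():
        print(f"{name}: {len(matched)} line(s)")
```

Each rule keys on the registry path rather than the API name, so it fires whether the sample uses RegOpenKeyExW, RegQueryValueExW or an enumeration call; the one exception is the Defender rule, which deliberately keys on the write API so that a benign query of the same value stays silent.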