General
-
Target
AD5D8A274EAFF455047D801EE9B6231F.exe
-
Size
493KB
-
Sample
240303-15agmsae72
-
MD5
ad5d8a274eaff455047d801ee9b6231f
-
SHA1
1a43eb1ae77914cb58e6cffc8a4e8a1eebfee7d2
-
SHA256
662344d80ecad59d7c9d4e0ad6864f8ccbbdf1a73321bc3ffeb24e5cec3e1bf3
-
SHA512
ceb178dbb8e913c489de2eb7cb8c3d3f16b574934155a8fe6d73ec6235e40bb76fdffb34ae33a8e38abd912e3df5efd624104db9693e929e4bd0087b2b266932
-
SSDEEP
12288:uxjrr7F5qfMs8WdcOX+t4c08no9IaJnv+N6G/wWEh59ma4:uxLsMs8WdcMx8+I+TDV4
Malware Config
Targets
-
-
Target
AD5D8A274EAFF455047D801EE9B6231F.exe
-
Size
493KB
-
MD5
ad5d8a274eaff455047d801ee9b6231f
-
SHA1
1a43eb1ae77914cb58e6cffc8a4e8a1eebfee7d2
-
SHA256
662344d80ecad59d7c9d4e0ad6864f8ccbbdf1a73321bc3ffeb24e5cec3e1bf3
-
SHA512
ceb178dbb8e913c489de2eb7cb8c3d3f16b574934155a8fe6d73ec6235e40bb76fdffb34ae33a8e38abd912e3df5efd624104db9693e929e4bd0087b2b266932
-
SSDEEP
12288:uxjrr7F5qfMs8WdcOX+t4c08no9IaJnv+N6G/wWEh59ma4:uxLsMs8WdcMx8+I+TDV4
Score10/10-
BlackNET
BlackNET is an open source remote access tool written in VB.NET.
-
BlackNET payload
-
Contains code to disable Windows Defender
A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
-
Modifies Windows Defender Real-time Protection settings
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Windows security modification
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1