General
Target: b72d429d1d690165c7b0de4a074c4a58
Size: 117KB
Sample: 240306-mbyqgsgf9t
MD5: b72d429d1d690165c7b0de4a074c4a58
SHA1: f0704d227482a80f2f90dab79ed4acd9770fe565
SHA256: b30eebf734354f55373978e395c912393f3c674aaa4717748ae449b09832f6ae
SHA512: f3b565e67d5a15d5305982701bd5f0d37eec0bfe2d152556584fa1d01faf1def6e616d0addea91e0663be084450b49f99e2108cc06a9b50c9e1482f9290b6c5c
SSDEEP: 3072:qwS9xonGdoFlC5w/oV9RRKyfKW63beFEKyBFfa1:5CeSKyRPfKWybi1
Behavioral task: behavioral1
Sample: b72d429d1d690165c7b0de4a074c4a58.exe
Resource: win7-20240221-en
Malware Config
Extracted: blacknet
Version: v3.7.0 Public
Bot:
  http://furyx.de/panel
  BN[c1916af6f3a468e5b6f5c7f6b9c78982]
antivm: false
elevate_uac: false
install_name: WindowsUpdate.exe
splitter: |BN|
start_name: e162b1333458a713bc6916cc8ac4110c
startup: false
usb_spread: true
Targets
Target: b72d429d1d690165c7b0de4a074c4a58 (117KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
Score: 10/10
Signatures:
- BlackNET payload
- Contains code to disable Windows Defender: a .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
- Executes dropped EXE
- Adds Run key to start application
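The extracted config and the signatures above can be turned directly into host-triage checks. The following is an added example and is not code from the report, from Triage or from BlackNET. The indicators it uses (the SHA256, the C2 URL http://furyx.de/panel, the install name WindowsUpdate.exe and the BN[...] bot-ID format) are copied from the report; the Run-key and Windows Defender policy registry paths are the documented Windows locations for those settings (the "blocking at first seen" capability corresponds to the DisableBlockAtFirstSeen policy value); the host snapshot at the bottom is constructed sample data, not real host evidence.

```python
"""
Host-triage checks derived from the BlackNET sandbox report above.

Added example, not part of the report. Indicators come from the report;
registry paths are documented Windows/Defender locations; all inputs below
are constructed stand-ins for data an analyst would pull from a host.
"""
import hashlib
import re
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# --- indicators copied from the report -----------------------------------
REPORT_SHA256 = "b30eebf734354f55373978e395c912393f3c674aaa4717748ae449b09832f6ae"
C2_URL = "http://furyx.de/panel"
INSTALL_NAME = "windowsupdate.exe"             # install_name, compared case-insensitively
BOT_ID_RE = re.compile(r"BN\[[0-9a-f]{32}\]")  # shape of the BN[...] bot id in the config

# --- well-known registry locations (documented Windows paths, not from the report) --
RUN_KEYS = (
    r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
)
# Defender policy values matching the "disable Windows Defender" signature
# (realtime monitoring, Block at First Sight). A DWORD of 1 means "disabled".
DEFENDER_DISABLE_VALUES = (
    r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring",
    r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet\DisableBlockAtFirstSeen",
)


@dataclass
class HostSnapshot:
    """Minimal view of a host: registry values, file contents, proxy log lines."""
    registry: dict = field(default_factory=dict)   # full value path -> data
    files: dict = field(default_factory=dict)      # path -> file bytes
    proxy_log: list = field(default_factory=list)  # "<client> <method> <url> [<body>]"


def triage(host: HostSnapshot) -> list:
    """Return one finding string per matched indicator; an empty list means no match."""
    findings = []

    # 1. Known-bad sample on disk: exact SHA256 from the report.
    for path, data in host.files.items():
        if hashlib.sha256(data).hexdigest() == REPORT_SHA256:
            findings.append(f"file: {path} matches report SHA256")

    # 2. Run-key persistence whose command line references the install name.
    for key in RUN_KEYS:
        for value_path, data in host.registry.items():
            if (value_path.lower().startswith(key.lower() + "\\")
                    and isinstance(data, str)
                    and INSTALL_NAME in data.lower()):
                findings.append(f"persistence: {value_path} -> {data}")

    # 3. Defender policy tampering: any disable flag set to 1.
    for value_path in DEFENDER_DISABLE_VALUES:
        if host.registry.get(value_path) == 1:
            findings.append(f"defender: {value_path.rsplit(chr(92), 1)[-1]} = 1")

    # 4. C2 traffic: requests to the panel URL; note when the body carries a bot id.
    c2 = urlsplit(C2_URL)
    for line in host.proxy_log:
        parts = line.split(" ", 3)
        if len(parts) < 3:
            continue
        url = urlsplit(parts[2])
        if url.hostname == c2.hostname and url.path.startswith(c2.path):
            note = "c2: request to " + parts[2]
            if len(parts) == 4 and BOT_ID_RE.search(parts[3]):
                note += " (carries BN[...] bot id)"
            findings.append(note)
    return findings


# Constructed snapshot of an infected host (sample data, not real evidence).
INFECTED = HostSnapshot(
    registry={
        r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\WindowsUpdate":
            r"C:\Users\victim\AppData\Roaming\WindowsUpdate.exe",
        r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring": 1,
    },
    files={r"C:\Users\victim\AppData\Roaming\WindowsUpdate.exe": b"not the real sample"},
    proxy_log=[
        "10.0.0.5 POST http://furyx.de/panel id=BN[c1916af6f3a468e5b6f5c7f6b9c78982]",
        "10.0.0.5 GET http://example.org/ -",
    ],
)

if __name__ == "__main__":
    for finding in triage(INFECTED):
        print(finding)
```

Against the constructed snapshot the file check stays silent (the placeholder bytes do not hash to the report's SHA256), while the Run key, the DisableRealtimeMonitoring policy value and the request to the panel URL each produce a finding. A real run would feed it registry exports, file contents and proxy logs from the host under investigation; any hit on the Defender policy values is worth escalating even without the other indicators, since nothing legitimate should set them outside of managed policy.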
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence:
- Create or Modify System Process (1): Windows Service (1)
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Scheduled Task/Job (1)