blacknet | WinlockerBuilderv5[.]exe

General

Target

WinlockerBuilderv5.exe
Size

11.0MB
MD5

5891817266ffedc10d4a84a3bd483239
SHA1

b59d365a91b50ec55ccc1c1b2a70cbf858382aa3
SHA256

51c45fb238881bd25fd7435d8b8e44eee9cc56887a56a7e5f5bdef8ec8392465
SHA512

517c5d785f069ce566c1d89fcc998968a5cdfc6d85bcc7e42cc2e720b4be9b543065cc1c7967635948595fdbb4af3fc7714c8b90aa6035953bca40cba7272c23
SSDEEP

49152:VEdISABBHJtTPSfon8ElC8exQ5ekWtoy/WnwTua+V1ISCezf/rs6kLrHKOWHWq6r:VEd9

Score

10^/10

bot blacknet

Malware Config

Extracted

Family

blacknet

Version

v3.6.0 Public

Botnet

Bot

C2

http://f0483357.xsph.ru/

Mutex

BN[PHfunXGI-6235724]

Attributes

antivm
true
elevate_uac
false
install_name
jusched.exe
splitter
|BN|
start_name
a5b002eacf54590ec8401ff6d3f920ee
startup
true
usb_spread
true

Signatures

BlackNET payload 1 IoCs

Processes:

resource	yara_rule
sample	family_blacknet

Blacknet family
blacknet

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
WinlockerBuilderv5.exe

Files

WinlockerBuilderv5.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 10.9MB - Virtual size: 10.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 134KB - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 10.9MB - Virtual size: 10.9MB

.rsrc Size: 134KB - Virtual size: 133KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 10.9MB - Virtual size: 10.9MB

.rsrc
Size: 134KB - Virtual size: 133KB

.reloc
Size: 512B - Virtual size: 12B