General
- Target: Client.exe
- Size: 197KB
- Sample: 240918-2yh1waxgpq
- MD5: 6612bcb3e74a6e0441a7745c9330469a
- SHA1: 81fd5bfcf6744ebe55d6a44ff57f0ec48e30eb1d
- SHA256: 58c9a0462180ac23497f469c0eb5cdd07939b3a7655ab11d0273b25b4d49e584
- SHA512: 4bbd910754a4a3c7d975c6274e58d4dec450aa64aef0a2e726f707b62b8e9fcb47f3faa1b0e489cda1bff64445a88f406a95eeec1e8449bb93b64e8de9a69d2a
- SSDEEP: 3072:2p2woC4ftIt4cTYB+eztx3be/EKymFnaT:0BO6S0YB+eztlboQ
Malware Config
Extracted
- blacknet
- v3.7.0 Public
- Pwned
- https://taxiforyou.org.uk/blackbot
- BN[]
- antivm: true
- elevate_uac: false
- install_name: WindowsUpdate.exe
- splitter: |BN|
- start_name: e162b1333458a713bc6916cc8ac4110c
- startup: false
- usb_spread: false
Targets
- Target: Client.exe
- Size: 197KB
- BlackNET payload
- Contains code to disable Windows Defender: a .NET executable tasked with disabling Windows Defender capabilities such as real-time monitoring, blocking at first seen, etc.
- Downloads MZ/PE file
- Executes dropped EXE
MITRE ATT&CK Enterprise v15
Persistence
- Create or Modify System Process (1)
  - Windows Service (1)
- Scheduled Task/Job (1)
  - Scheduled Task (1)
Privilege Escalation
- Create or Modify System Process (1)
  - Windows Service (1)
- Scheduled Task/Job (1)
  - Scheduled Task (1)
Defense Evasion
- Impair Defenses (1)
  - Disable or Modify Tools (1)
- Modify Registry (1)
- Subvert Trust Controls (1)
  - SIP and Trust Provider Hijacking (1)