Overview

overview

10

Static

static

3

cdacba6a70...aN.exe

windows7-x64

7

cdacba6a70...aN.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    cdacba6a70615a4aec0e2e3dba3769c4b3db879feac79b1f504d5691107d19daN.exe

  • Size

    7.0MB

  • Sample

    240926-gt5zma1gkn

  • MD5

    914d87aeb3a53de125a809f3fbe12770

  • SHA1

    cf9a2c842f3ff8c45b7daf9e169993ae289362b5

  • SHA256

    cdacba6a70615a4aec0e2e3dba3769c4b3db879feac79b1f504d5691107d19da

  • SHA512

    7fc1ec6a545edf23da49fc7221b29c12f34bb4fec57b8b45ea66571466b4ddecb3d405d4d6d76d60d695d8e75e35b95e70349cf93b6998ecf81c18e677db974f

  • SSDEEP

    196608:zqV2NBKA1HeT39Iig5Tet4Q4G/NsINyzWWAMYI93:2V2fj1+TtIiOS1NsIkzWWAcx

Score
10/10
blacknetpersistencepyinstallertrojan

Malware Config

Targets

    • Target

      cdacba6a70615a4aec0e2e3dba3769c4b3db879feac79b1f504d5691107d19daN.exe

    • Size

      7.0MB

    • MD5

      914d87aeb3a53de125a809f3fbe12770

    • SHA1

      cf9a2c842f3ff8c45b7daf9e169993ae289362b5

    • SHA256

      cdacba6a70615a4aec0e2e3dba3769c4b3db879feac79b1f504d5691107d19da

    • SHA512

      7fc1ec6a545edf23da49fc7221b29c12f34bb4fec57b8b45ea66571466b4ddecb3d405d4d6d76d60d695d8e75e35b95e70349cf93b6998ecf81c18e677db974f

    • SSDEEP

      196608:zqV2NBKA1HeT39Iig5Tet4Q4G/NsINyzWWAMYI93:2V2fj1+TtIiOS1NsIkzWWAcx

    Score
    10/10
    blacknetpersistencetrojan

    • BlackNET

      BlackNET is an open source remote access tool written in VB.NET.

      trojanblacknet

    • BlackNET payload

    • Contains code to disable Windows Defender

      A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks