General

  • Target

    c8e99c81e1b50f3fae2b2dfa184673bfb55f5125c6c14612b1fd7125a02cefe6N

  • Size

    80KB

  • MD5

    efaac6453321e4c9df7e4474567058f0

  • SHA1

    626a1234d72c711fe78b3408cd9b68b636509e2e

  • SHA256

    c8e99c81e1b50f3fae2b2dfa184673bfb55f5125c6c14612b1fd7125a02cefe6

  • SHA512

    3675647aa06bc859f732fc412c467aee56fabc4854b421ad09682fd205e7e020da097d5770da385edb255538e76674108f10811237dc1e1cc593d0f03c2d1468

  • SSDEEP

    1536:dPvK/3zvzVQtCsscKvWyjzJxuOmb54vHTL6lm:diqCspkzVmb5uHv6lm

Score
10/10

Malware Config

Extracted

Family

blacknet

Botnet

HacKed

C2

https://lovegunny.net/

Mutex

BN[GnFquUJG-0548378]

Attributes
  • antivm

    false

  • elevate_uac

    true

  • install_name

    WindowsUpdate.exe

  • splitter

    |BN|

  • start_name

    cde2f914e4cce7f13b2c1cec7b6da970

  • startup

    false

  • usb_spread

    true

Signatures

  • BlackNET payload 1 IoCs
  • Blacknet family
  • Contains code to disable Windows Defender 1 IoCs

    A .NET executable that disables Windows Defender capabilities such as real-time monitoring and Block at First Sight (cloud-delivered protection). Expect changes to the Defender policy keys under HKLM\SOFTWARE\Policies\Microsoft\Windows Defender or Set-MpPreference calls in the process tree.

  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.
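The extracted configuration above (mutex, C2, install_name, splitter) and the Defender-disabling signature translate directly into host- and network-hunting indicators. The following script is an added example and not part of the sandbox report: it turns the reported config into concrete indicators and runs them over a handful of constructed telemetry records (process, mutex, DNS, registry and raw payload events, shaped loosely like EDR/Sysmon output). The report does not give the drop directory, so the install name is matched on file name only; the Defender registry value and the Set-MpPreference switch are the documented Windows locations for turning off real-time protection, not something extracted from this sample.

```python
"""Hunt indicators derived from the extracted BlackNET config (added example).

Config values come from the sandbox report above. The telemetry records
below are constructed for demonstration; the Defender policy key and the
Set-MpPreference switch are documented Windows locations, used here as the
indicators the "disable Windows Defender" signature points at.
"""
import re
from urllib.parse import urlparse

# Extracted config as reported under "Malware Config".
CONFIG = {
    "c2": "https://lovegunny.net/",
    "mutex": "BN[GnFquUJG-0548378]",
    "install_name": "WindowsUpdate.exe",
    "splitter": "|BN|",
}

# Documented policy value that disables Defender real-time monitoring.
DEFENDER_RT_KEY = (
    r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender"
    r"\Real-Time Protection\DisableRealtimeMonitoring"
)
MPPREF_RE = re.compile(r"Set-MpPreference.*-DisableRealtimeMonitoring\s+(\$true|1)", re.I)


def c2_host(url):
    """Hostname part of the C2 URL, lower-cased for matching."""
    return urlparse(url).hostname.lower()


def iocs_from_config(cfg):
    """Derive matchable indicators from the extracted config."""
    return {
        "mutex": cfg["mutex"],
        "c2_host": c2_host(cfg["c2"]),
        # Drop path is not in the report: match on file name only (assumption).
        "install_name": cfg["install_name"].lower(),
        # The literal splitter is a cheap string indicator for traffic/memory.
        "splitter": cfg["splitter"],
    }


def check_event(ev, iocs):
    """Return the list of reasons an event matches; empty means clean."""
    hits = []
    kind = ev.get("type")
    if kind == "mutex" and ev.get("name") == iocs["mutex"]:
        hits.append("BlackNET mutex created")
    if kind == "process":
        image = ev.get("image", "")
        if image.rsplit("\\", 1)[-1].lower() == iocs["install_name"]:
            hits.append("process image matches install_name")
        if MPPREF_RE.search(ev.get("cmdline", "")):
            hits.append("Defender real-time monitoring disabled via PowerShell")
    if kind == "dns" and ev.get("query", "").lower().rstrip(".") == iocs["c2_host"]:
        hits.append("DNS lookup for C2 host")
    if kind == "registry" and ev.get("path") == DEFENDER_RT_KEY and ev.get("value") == 1:
        hits.append("Defender real-time monitoring disabled via policy key")
    if kind == "netdata" and iocs["splitter"] in ev.get("payload", ""):
        hits.append("BlackNET splitter seen in payload")
    return hits


def scan(events, cfg=CONFIG):
    """Map event index -> list of hits for every event that matched."""
    iocs = iocs_from_config(cfg)
    results = {}
    for i, ev in enumerate(events):
        hits = check_event(ev, iocs)
        if hits:
            results[i] = hits
    return results


# Constructed telemetry; index 4 is benign and must not match.
SAMPLE_EVENTS = [
    {"type": "process", "image": r"C:\Users\alice\AppData\Roaming\WindowsUpdate.exe", "cmdline": ""},
    {"type": "mutex", "name": "BN[GnFquUJG-0548378]"},
    {"type": "dns", "query": "lovegunny.net."},
    {"type": "registry", "path": DEFENDER_RT_KEY, "value": 1},
    {"type": "process", "image": r"C:\Windows\System32\svchost.exe", "cmdline": "svchost.exe -k netsvcs"},
    {"type": "process", "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell -c Set-MpPreference -DisableRealtimeMonitoring $true"},
    # Constructed payload; the real BlackNET message layout is not shown on this page.
    {"type": "netdata", "payload": "field1|BN|field2"},
]

if __name__ == "__main__":
    for idx, hits in scan(SAMPLE_EVENTS).items():
        print(idx, SAMPLE_EVENTS[idx]["type"], "->", "; ".join(hits))
```

The DNS check strips a trailing dot and lower-cases the query so FQDN-style records match the host taken from the C2 URL; the registry check requires the DWORD to actually be 1, since the mere presence of the key is common on managed hosts.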

Files

  • c8e99c81e1b50f3fae2b2dfa184673bfb55f5125c6c14612b1fd7125a02cefe6N
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744
