General
-
Target
09bd1c367f2f75a5e8dbdd8ad4d26e5ac99727ba1230ea1e91171c5cce042146N
-
Size
80KB
-
Sample
241023-t5an3sscnk
-
MD5
96f963d603c7ea5c02cf288710dcd9a0
-
SHA1
da114471bc5452a6bebd3877226f3a299964f717
-
SHA256
09bd1c367f2f75a5e8dbdd8ad4d26e5ac99727ba1230ea1e91171c5cce042146
-
SHA512
23c8e804a063b49b2f047013b89c65676272ba68e3f9299f338276614a7200de472baafb05df9a3ee3d3b00d8b426d646c99a6c78d1ee226f80c48cdc0060c66
-
SSDEEP
1536:dPvK/3zvzVQtCsscKvW+jzJxuOmb54vHTL6lm:diqCsp4zVmb5uHv6lm
Malware Config
Extracted
blacknet
HacKed
https://lovegunny.net/
BN[GnFquUJG-0548378]
-
antivm
false
-
elevate_uac
true
-
install_name
WindowsUpdate.exe
-
splitter
|BN|
-
start_name
cde2f914e4cce7f13b2c1cec7b6da970
-
startup
false
-
usb_spread
true
Targets
-
-
Target
09bd1c367f2f75a5e8dbdd8ad4d26e5ac99727ba1230ea1e91171c5cce042146N
-
Size
80KB
-
MD5
96f963d603c7ea5c02cf288710dcd9a0
-
SHA1
da114471bc5452a6bebd3877226f3a299964f717
-
SHA256
09bd1c367f2f75a5e8dbdd8ad4d26e5ac99727ba1230ea1e91171c5cce042146
-
SHA512
23c8e804a063b49b2f047013b89c65676272ba68e3f9299f338276614a7200de472baafb05df9a3ee3d3b00d8b426d646c99a6c78d1ee226f80c48cdc0060c66
-
SSDEEP
1536:dPvK/3zvzVQtCsscKvW+jzJxuOmb54vHTL6lm:diqCsp4zVmb5uHv6lm
Score10/10-
BlackNET
BlackNET is an open source remote access tool written in VB.NET.
-
BlackNET payload
-
Contains code to disable Windows Defender
A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
-
Modifies Windows Defender Real-time Protection settings
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1