General
-
Target
2d513ec010655f8298949ef600d05761898ba9403574190c4ae29c71b8f18cbbN
-
Size
10.0MB
-
Sample
241104-y8yyaswlcx
-
MD5
4fbba071325c9b47f7b39ee15c2feb00
-
SHA1
84df9706705d3c0229e0c9aeec662db2770132dd
-
SHA256
2d513ec010655f8298949ef600d05761898ba9403574190c4ae29c71b8f18cbb
-
SHA512
54e67f7c5107386fdbcdc2691499e77f6ede405629687da5e8d70ed77426bbd6ba5208e2e945755030e5e5a0cc33402431c9b50f837e953e5c8d127a92a5f163
-
SSDEEP
196608:iCjV2NBODPzMsVerPYVnN/SMFmxA1HeT39Iig6Tet4Q4G/NsIdyzWdAMYI93:3V2fugPYVnNSMF1+TtIi1S1NsIUzWdAQ
Malware Config
Targets
-
-
Target
2d513ec010655f8298949ef600d05761898ba9403574190c4ae29c71b8f18cbbN
-
Size
10.0MB
-
MD5
4fbba071325c9b47f7b39ee15c2feb00
-
SHA1
84df9706705d3c0229e0c9aeec662db2770132dd
-
SHA256
2d513ec010655f8298949ef600d05761898ba9403574190c4ae29c71b8f18cbb
-
SHA512
54e67f7c5107386fdbcdc2691499e77f6ede405629687da5e8d70ed77426bbd6ba5208e2e945755030e5e5a0cc33402431c9b50f837e953e5c8d127a92a5f163
-
SSDEEP
196608:iCjV2NBODPzMsVerPYVnN/SMFmxA1HeT39Iig6Tet4Q4G/NsIdyzWdAMYI93:3V2fugPYVnNSMF1+TtIi1S1NsIUzWdAQ
Score10/10-
BlackNET
BlackNET is an open source remote access tool written in VB.NET.
-
BlackNET payload
-
Blacknet family
-
Contains code to disable Windows Defender
A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-