General
Static task: static1
URLScan task: urlscan1
Malware Config
Extracted
Family: blacknet
Version: v3.5.1 Public
Botnet: [ID]
C2: [HOST]
Mutex: [MUTEX]
Attributes:
- antivm: false
- elevate_uac: false
- install_name: [Install_Name]
- splitter: |BN|
- start_name: [StartupName]
- startup: false
- usb_spread: false
aes.plain
Extracted
Family: blacknet
Version: v3.5.1 Public
Botnet: HacKed
C2: http://localhost/blacknet
Mutex: BN[VNmCteMO-8347835]
Attributes:
- antivm: true
- elevate_uac: true
- install_name: WindowsUpdate.exe
- splitter: |BN|
- start_name: a4f5fc179540a0b155d91b489e6811e2
- startup: false
- usb_spread: true
aes.plain
Targets
Target: https://mini-01-s3.vx-underground.org/samples/Builders/BlackNet/BlackNET%20v3.5.1.0.7z
- BlackNET payload
- Blacknet family
- Contains code to disable Windows Defender
  A .NET executable tasked with disabling Windows Defender capabilities such as real-time monitoring, block at first sight, etc.
- Checks computer location settings
  Looks up the country code configured in the registry, likely for geofencing.
- Executes dropped EXE