General
Target: WinUpdater.exe
Size: 199KB
Sample: 250509-r43mcswr19
MD5: 71bf7e569d090b6a683970988ca3eaa4
SHA1: a9e33af34bc8898a05c1b1d316e4922f31ab30b7
SHA256: f660c02fa08274f103c6c5fb73b3483b9d8a84c10bcf66f8bf22464315de8c74
SHA512: a079ff1aa0efc84e4339451aa9918caacaeb6cd1d7ed94f57d0de0554ee03001bc6003aa849076983496048c532e484961bed7e42bd7af2cb3a15b729c2c4e79
SSDEEP: 3072:lm21qwCcj18DTYB+eztx3be/EKy9FnaLY8ukns+b:MUOcq/YB+eztlboZE8Fns+
Behavioral task: behavioral1
Sample: WinUpdater.exe
Resource: win10v2004-20250502-en
Behavioral task: behavioral2
Sample: WinUpdater.exe
Resource: win11-20250502-en
Malware Config
Extracted
blacknet
v3.7.0 Public
HacKed
http://diicotsec.ru:8080/v3/
BN[]
antivm: false
elevate_uac: false
install_name: WindowsUpdate.exe
splitter: |BN|
start_name: e162b1333458a713bc6916cc8ac4110c
startup: true
usb_spread: false
Targets
Target: WinUpdater.exe
Score: 10/10
BlackNET payload
Blacknet family
Contains code to disable Windows Defender: A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
Adds Run key to start application