General

  • Target

    WinUpdater.exe

  • Size

    199KB

  • Sample

    250509-r43mcswr19

  • MD5

    71bf7e569d090b6a683970988ca3eaa4

  • SHA1

    a9e33af34bc8898a05c1b1d316e4922f31ab30b7

  • SHA256

    f660c02fa08274f103c6c5fb73b3483b9d8a84c10bcf66f8bf22464315de8c74

  • SHA512

    a079ff1aa0efc84e4339451aa9918caacaeb6cd1d7ed94f57d0de0554ee03001bc6003aa849076983496048c532e484961bed7e42bd7af2cb3a15b729c2c4e79

  • SSDEEP

    3072:lm21qwCcj18DTYB+eztx3be/EKy9FnaLY8ukns+b:MUOcq/YB+eztlboZE8Fns+

Malware Config

Extracted

  • Family

    blacknet

  • Version

    v3.7.0 Public

  • Botnet

    HacKed

  • C2

    http://diicotsec.ru:8080/v3/

  • Mutex

    BN[]

Attributes
  • antivm

    false

  • elevate_uac

    false

  • install_name

    WindowsUpdate.exe

  • splitter

    |BN|

  • start_name

    e162b1333458a713bc6916cc8ac4110c

  • startup

    true

  • usb_spread

    false

Targets

    • Target

      WinUpdater.exe

    • BlackNET

      BlackNET is an open source remote access tool written in VB.NET.

    • BlackNET payload

    • Blacknet family

    • Contains code to disable Windows Defender

      A .NET executable containing code that disables Windows Defender capabilities such as real-time monitoring and block-at-first-seen.

    • Adds Run key to start application
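The two behaviours flagged above, Defender tampering and Run-key persistence, are what a responder checks first on a host suspected of running this sample. The PowerShell below is an added triage script, not part of the sandbox report or of the BlackNET project. It assumes the sample installs itself under the extracted install_name (WindowsUpdate.exe) and persists through the HKCU/HKLM Run keys; the Defender settings it inspects are the ones the signature description names (real-time monitoring, block at first seen) plus a few that are commonly toggled alongside them, which is an assumption, since the page does not list the exact settings this sample changes.

```powershell
# Added host-triage script (not from the report or the BlackNET project).
# Assumptions: install name WindowsUpdate.exe from the extracted config,
# persistence via a Run key, Defender tampering via MpPreference / policy.
$findings = @()

# 1. Defender preference tampering. The report names realtime monitoring and
#    block-at-first-seen; the remaining settings are assumed companions.
$pref  = Get-MpPreference
$watch = 'DisableRealtimeMonitoring', 'DisableBlockAtFirstSeen',
         'DisableBehaviorMonitoring', 'DisableIOAVProtection', 'DisableScriptScanning'
foreach ($name in $watch) {
    if ($pref.$name -eq $true) { $findings += "Defender setting $name is disabled" }
}
# Policy switch that turns Defender off entirely (1 = disabled by policy).
$polPath = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'
$pol = Get-ItemProperty -Path $polPath -ErrorAction SilentlyContinue
if ($pol -and $pol.DisableAntiSpyware -eq 1) {
    $findings += "Policy DisableAntiSpyware=1 at $polPath"
}

# 2. Run-key persistence pointing at the install name from the extracted config.
$installName  = 'WindowsUpdate.exe'
$reportSha256 = 'f660c02fa08274f103c6c5fb73b3483b9d8a84c10bcf66f8bf22464315de8c74'
$runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
foreach ($key in $runKeys) {
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if (-not $props) { continue }
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }      # skip PowerShell metadata properties
        $value = "$($p.Value)"
        if ($value -notmatch [regex]::Escape($installName)) { continue }
        $findings += "Run value '$($p.Name)' in $key -> $value"
        # Hash the referenced file and compare against the report's SHA256.
        $path = ($value -replace '"', '').Trim()
        if (Test-Path -LiteralPath $path) {
            $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash.ToLower()
            if ($hash -eq $reportSha256) {
                $findings += "  SHA256 matches the reported sample: $hash"
            } else {
                $findings += "  SHA256 $hash does not match the report (possibly a different build)"
            }
        }
    }
}

if ($findings) { $findings | ForEach-Object { Write-Output $_ } }
else          { Write-Output 'No Defender tampering or WindowsUpdate.exe Run-key persistence found' }
```

Run it in an elevated PowerShell session: Get-MpPreference and the HKLM policy key are readable without elevation on most builds, but the HKLM Run key and the installed file may not be. A clean host prints the final line; a hit on the Run key with a matching SHA256 ties the persistence entry directly to this sample, while a hit with a different hash still warrants pulling the file for analysis, since the install name alone is a weak indicator.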
