blacknet | f00cc32a15455bec6b4ebcd74e3e74c698a5308dbc21a342f10d5ec6a7dd83bb | Triage

Analysis

max time kernel
150s
max time network
155s
platform
windows10_x64
resource
win10
submitted
22-10-2020 16:21

Sharing

Report Analysis Logs

General

Target

IMG-53858502 JPEG.exe
Size

83KB
MD5

523beb012baa594d050e5f6509d7552a
SHA1

e5ccd9d1bb1f199ed490ee423f8e5a7013000627
SHA256

f00cc32a15455bec6b4ebcd74e3e74c698a5308dbc21a342f10d5ec6a7dd83bb
SHA512

0fce5688c2962f9481e7c4f54a1c5760768aad976e8a42c701961caec9035c0dbed6018b8b79471fe835368f04cf19ed545f3330792c7a89ce1d4a984b45fc07

Score

10^/10

blacknet trojan

Malware Config

Signatures

BlackNET
BlackNET is an open source remote access tool written in VB.NET.
trojan blacknet

Suspicious behavior: EnumeratesProcesses 15 IoCs

Processes:

IMG-53858502 JPEG.exe

pid	process
3852	IMG-53858502 JPEG.exe
3852	IMG-53858502 JPEG.exe
3852	IMG-53858502 JPEG.exe
3852	IMG-53858502 JPEG.exe
3852	IMG-53858502 JPEG.exe
3852	IMG-53858502 JPEG.exe
3852	IMG-53858502 JPEG.exe
3852	IMG-53858502 JPEG.exe
3852	IMG-53858502 JPEG.exe
3852	IMG-53858502 JPEG.exe
3852	IMG-53858502 JPEG.exe
3852	IMG-53858502 JPEG.exe
3852	IMG-53858502 JPEG.exe
3852	IMG-53858502 JPEG.exe
3852	IMG-53858502 JPEG.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

IMG-53858502 JPEG.exe

description pid process

Token: SeDebugPrivilege 3852 IMG-53858502 JPEG.exe
Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

IMG-53858502 JPEG.exe

pid process

3852 IMG-53858502 JPEG.exe
3852 IMG-53858502 JPEG.exe

C:\Users\Admin\AppData\Local\Temp\IMG-53858502 JPEG.exe
"C:\Users\Admin\AppData\Local\Temp\IMG-53858502 JPEG.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:3852

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3852-0-0x00007FF8844A0000-0x00007FF884E40000-memory.dmp

Filesize
9.6MB

Download