Malware Analysis Report

2025-04-03 09:07

Sample ID 201022-wnccgvbew2
Target IMG-53858502 JPEG.exe
SHA256 f00cc32a15455bec6b4ebcd74e3e74c698a5308dbc21a342f10d5ec6a7dd83bb
Tags hacked blacknet trojan
Score 10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score 10/10

SHA256 f00cc32a15455bec6b4ebcd74e3e74c698a5308dbc21a342f10d5ec6a7dd83bb

Threat Level: Known bad

The file IMG-53858502 JPEG.exe was found to be: Known bad.

Malicious Activity Summary

hacked blacknet trojan

BlackNET Payload

Blacknet family

BlackNET

Suspicious use of SetWindowsHookEx

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported 2021-08-05 15:39

Signatures

BlackNET Payload

Description Indicator Process Target
N/A N/A N/A N/A

Blacknet family

blacknet

Analysis: behavioral1

Detonation Overview

Submitted 2020-10-22 16:21
Reported 2020-10-22 17:21
Platform win7
Max time kernel 151s
Max time network 158s

Command Line

"C:\Users\Admin\AppData\Local\Temp\IMG-53858502 JPEG.exe"

Signatures

BlackNET

trojan blacknet

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IMG-53858502 JPEG.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IMG-53858502 JPEG.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\IMG-53858502 JPEG.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IMG-53858502 JPEG.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IMG-53858502 JPEG.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\IMG-53858502 JPEG.exe

"C:\Users\Admin\AppData\Local\Temp\IMG-53858502 JPEG.exe"

Network

Country Destination Domain Proto
N/A 8.8.8.8:53 essentialcs.co.za udp
N/A 169.1.20.202:80 essentialcs.co.za tcp
N/A 169.1.20.202:80 essentialcs.co.za tcp
N/A 169.1.20.202:80 essentialcs.co.za tcp
N/A 169.1.20.202:80 essentialcs.co.za tcp
N/A 169.1.20.202:80 essentialcs.co.za tcp
N/A 169.1.20.202:80 essentialcs.co.za tcp
N/A 169.1.20.202:80 essentialcs.co.za tcp

Files

memory/1072-0-0x000007FEF5830000-0x000007FEF61CD000-memory.dmp

memory/1072-1-0x000007FEF5830000-0x000007FEF61CD000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted 2020-10-22 16:21
Reported 2020-10-22 17:21
Platform win10
Max time kernel 150s
Max time network 155s

Command Line

"C:\Users\Admin\AppData\Local\Temp\IMG-53858502 JPEG.exe"

Signatures

Processes

C:\Users\Admin\AppData\Local\Temp\IMG-53858502 JPEG.exe

"C:\Users\Admin\AppData\Local\Temp\IMG-53858502 JPEG.exe"

Network

Country Destination Domain Proto
N/A 8.8.8.8:53 essentialcs.co.za udp
N/A 169.1.20.202:80 essentialcs.co.za tcp
N/A 169.1.20.202:80 essentialcs.co.za tcp
N/A 169.1.20.202:80 essentialcs.co.za tcp
N/A 169.1.20.202:80 essentialcs.co.za tcp
N/A 169.1.20.202:80 essentialcs.co.za tcp
N/A 169.1.20.202:80 essentialcs.co.za tcp
N/A 169.1.20.202:80 essentialcs.co.za tcp

Files

memory/3852-0-0x00007FF8844A0000-0x00007FF884E40000-memory.dmp