blacknet | a3a387c3b28b1ee8c27dcdc18aac61ef7517cfdd44379a4a77846282fff5c341 | Triage

Analysis

max time kernel
151s
max time network
149s
platform
windows7_x64
resource
win7v20201028
submitted
05-12-2020 15:26

Sharing

Report Analysis Logs

General

Target

invoice.exe
Size

80KB
MD5

d826c6d5d9deef005d705b99cac11016
SHA1

f23633dacb9b6be069c2b43f7b931a720f0c5027
SHA256

a3a387c3b28b1ee8c27dcdc18aac61ef7517cfdd44379a4a77846282fff5c341
SHA512

121bdd22bfaf19efbc1be67417e542177748ea51506051e428f9fd8fbec1ee79718881aae1b0197b259c994cf640d4bb818f4b2e02beecbfb81aee6ec7bad67b

Score

10^/10

blacknet trojan

Malware Config

Signatures

BlackNET
BlackNET is an open source remote access tool written in VB.NET.
trojan blacknet
Suspicious behavior: EnumeratesProcesses 3 IoCs

Processes:

invoice.exe

pid process

476 invoice.exe
476 invoice.exe
476 invoice.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

invoice.exe

description pid process

Token: SeDebugPrivilege 476 invoice.exe

C:\Users\Admin\AppData\Local\Temp\invoice.exe
"C:\Users\Admin\AppData\Local\Temp\invoice.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:476

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/476-2-0x000007FEF5860000-0x000007FEF61FD000-memory.dmp

Filesize
9.6MB

Download
memory/476-3-0x000007FEF5860000-0x000007FEF61FD000-memory.dmp

Filesize
9.6MB

Download