Malware Analysis Report

2025-04-03 09:07

Sample ID: 201205-l4l9pd71qe
Target: invoice.exe
SHA256: a3a387c3b28b1ee8c27dcdc18aac61ef7517cfdd44379a4a77846282fff5c341
Tags: company blacknet trojan
Score: 10/10

Table of Contents

Analysis Overview
MITRE ATT&CK
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

Score: 10/10

SHA256: a3a387c3b28b1ee8c27dcdc18aac61ef7517cfdd44379a4a77846282fff5c341

Threat Level: Known bad

The file invoice.exe was found to be: Known bad.

Malicious Activity Summary

company blacknet trojan

Contains code to disable Windows Defender

BlackNET

BlackNET Payload

Blacknet family

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

N/A (the sandbox mapped no ATT&CK techniques for this sample)

Analysis: static1

Detonation Overview

Reported

2021-08-05 15:39

Signatures

BlackNET Payload

Description Indicator Process Target
N/A N/A N/A N/A

Blacknet family

blacknet

Contains code to disable Windows Defender

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2020-12-05 15:26

Reported

2020-12-05 15:28

Platform

win7v20201028

Max time kernel

151s

Max time network

149s

Command Line

"C:\Users\Admin\AppData\Local\Temp\invoice.exe"

Signatures

BlackNET

trojan blacknet

Suspicious behavior: EnumeratesProcesses

Description  Indicator  Process                                        Target
N/A          N/A        C:\Users\Admin\AppData\Local\Temp\invoice.exe  N/A
N/A          N/A        C:\Users\Admin\AppData\Local\Temp\invoice.exe  N/A
N/A          N/A        C:\Users\Admin\AppData\Local\Temp\invoice.exe  N/A

Suspicious use of AdjustPrivilegeToken

Description              Indicator  Process                                        Target
Token: SeDebugPrivilege  N/A        C:\Users\Admin\AppData\Local\Temp\invoice.exe  N/A

Processes

C:\Users\Admin\AppData\Local\Temp\invoice.exe

"C:\Users\Admin\AppData\Local\Temp\invoice.exe"

Network

Country  Destination       Domain                   Proto
N/A      8.8.8.8:53        redbulllogistics.online  udp
N/A      162.0.229.116:80  redbulllogistics.online  tcp
N/A      162.0.229.116:80  redbulllogistics.online  tcp

The UDP row is the DNS lookup of redbulllogistics.online via 8.8.8.8; the two TCP rows are the connections that followed to the resolved address 162.0.229.116 on port 80.

Files

memory/476-2-0x000007FEF5860000-0x000007FEF61FD000-memory.dmp

memory/476-3-0x000007FEF5860000-0x000007FEF61FD000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2020-12-05 15:26

Reported

2020-12-05 15:28

Platform

win10v20201028

Max time kernel

150s

Max time network

148s

Command Line

"C:\Users\Admin\AppData\Local\Temp\invoice.exe"

Signatures

None recorded for this run.

Processes

C:\Users\Admin\AppData\Local\Temp\invoice.exe

"C:\Users\Admin\AppData\Local\Temp\invoice.exe"

Network

Country  Destination       Domain                   Proto
N/A      8.8.8.8:53        redbulllogistics.online  udp
N/A      162.0.229.116:80  redbulllogistics.online  tcp
N/A      162.0.229.116:80  redbulllogistics.online  tcp

Identical to the behavioral1 (win7) run: a DNS lookup of the domain via 8.8.8.8 followed by two TCP connections to 162.0.229.116:80.
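The Network tables of both detonations give the same two indicators (the domain redbulllogistics.online and the address 162.0.229.116:80), and the header gives the sample hash. The block below is an added example, not part of the sandbox report: it matches those indicators against constructed DNS and connection log lines and emits Suricata rules for them. The tab-separated, Zeek-style field layout of the sample lines, the sample hosts, and the rule SIDs are all assumptions.

```python
"""Indicator matching for the BlackNET sample in this report.

Added example (not part of the sandbox report): the indicators are copied
from the report's header and Network tables; the log lines are constructed
and their tab-separated, Zeek-style field layout is an assumption.
"""

# Indicators of compromise taken from the report.
IOC_SHA256 = {"a3a387c3b28b1ee8c27dcdc18aac61ef7517cfdd44379a4a77846282fff5c341"}
IOC_DOMAINS = {"redbulllogistics.online"}
IOC_IPS = {"162.0.229.116"}
IOC_IP_PORTS = {("162.0.229.116", 80)}

# Constructed sample logs (assumed layout, tab-separated):
#   dns.log : ts  uid  src  sport  dst  dport  proto  query
#   conn.log: ts  uid  src  sport  dst  dport  proto
SAMPLE_DNS = (
    "1607182000.101\tCb1\t10.0.0.15\t51234\t8.8.8.8\t53\tudp\tredbulllogistics.online\n"
    "1607182000.102\tCb2\t10.0.0.15\t51235\t8.8.8.8\t53\tudp\twww.example.com\n"
    "1607182000.103\tCb3\t10.0.0.22\t51236\t8.8.8.8\t53\tudp\tmail.redbulllogistics.online\n"
)
SAMPLE_CONN = (
    "1607182001.200\tCc1\t10.0.0.15\t49811\t162.0.229.116\t80\ttcp\n"
    "1607182001.300\tCc2\t10.0.0.15\t49812\t162.0.229.116\t80\ttcp\n"
    "1607182002.000\tCc3\t10.0.0.22\t49813\t93.184.216.34\t443\ttcp\n"
)


def domain_matches(qname: str) -> bool:
    """True for an IOC domain or any subdomain of it. The label boundary is
    enforced, so 'notredbulllogistics.online' does not match."""
    q = qname.strip().lower().rstrip(".")
    return any(q == d or q.endswith("." + d) for d in IOC_DOMAINS)


def hash_matches(sha256_hex: str) -> bool:
    """Case-insensitive SHA256 comparison against the report's hash."""
    return sha256_hex.strip().lower() in IOC_SHA256


def _records(log_text: str, min_fields: int):
    """Yield the tab-split fields of every non-comment, non-empty line."""
    for line in log_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split("\t")
        if len(fields) >= min_fields:
            yield fields


def scan_dns(log_text: str) -> list:
    """Return (source host, queried name) for every lookup of an IOC domain."""
    return [(f[2], f[7]) for f in _records(log_text, 8) if domain_matches(f[7])]


def scan_conn(log_text: str) -> list:
    """Return (source host, destination, port) for every connection to an IOC IP."""
    return [(f[2], f[4], int(f[5])) for f in _records(log_text, 7) if f[4] in IOC_IPS]


def suricata_rules(base_sid: int = 1000001) -> list:
    """Emit one Suricata rule per domain and per IP:port pair. The SIDs are
    assumed to be free in the local rule set."""
    rules, sid = [], base_sid
    for d in sorted(IOC_DOMAINS):
        rules.append(
            f'alert dns $HOME_NET any -> any any (msg:"BlackNET C2 domain {d}"; '
            f'dns.query; content:"{d}"; nocase; sid:{sid}; rev:1;)'
        )
        sid += 1
    for ip, port in sorted(IOC_IP_PORTS):
        rules.append(
            f'alert tcp $HOME_NET any -> {ip} {port} (msg:"BlackNET C2 {ip}:{port}"; '
            f'sid:{sid}; rev:1;)'
        )
        sid += 1
    return rules


if __name__ == "__main__":
    for hit in scan_dns(SAMPLE_DNS):
        print("DNS IOC hit:", hit)
    for hit in scan_conn(SAMPLE_CONN):
        print("Connection IOC hit:", hit)
    print("\n".join(suricata_rules()))
```

The subdomain check matters in practice: a sample that later queries a host under the same zone still hits, while an unrelated name that merely ends in the same characters does not. Matching on the bare IP rather than the IP:port pair catches a C2 that moves ports on the same host; the port-specific tuple is kept for the tighter Suricata rule.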

Files

memory/640-2-0x00007FF9EA150000-0x00007FF9EAAF0000-memory.dmp
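The Files sections of both runs list only memory dumps, named by process ID, dump counter and the dumped virtual-address range. The following parser is an added example, not part of the report: it decodes those names into the range and size of each region and collapses repeated dumps of the same region (476-2 and 476-3 above) into one entry per process. The naming scheme memory/<pid>-<n>-0x<start>-0x<end>-memory.dmp is inferred from the three names the report lists, and a 4 KiB page size is assumed.

```python
"""Parse the memory-dump file names listed under Files in this report.

Added example, not part of the report. The naming scheme
memory/<pid>-<n>-0x<start>-0x<end>-memory.dmp is inferred from the three
names the report lists, and a 4 KiB page size is assumed.
"""
import re
from dataclasses import dataclass

PAGE_SIZE = 4096  # assumed: 4 KiB user-mode pages on x64 Windows

DUMP_NAME = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<seq>\d+)-0x(?P<start>[0-9A-Fa-f]+)"
    r"-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)

# File names copied from the behavioral1 and behavioral2 Files sections.
REPORT_DUMPS = [
    "memory/476-2-0x000007FEF5860000-0x000007FEF61FD000-memory.dmp",
    "memory/476-3-0x000007FEF5860000-0x000007FEF61FD000-memory.dmp",
    "memory/640-2-0x00007FF9EA150000-0x00007FF9EAAF0000-memory.dmp",
]


@dataclass(frozen=True)
class MemoryDump:
    pid: int    # process the region was dumped from
    seq: int    # dump counter within that process
    start: int  # first byte of the dumped virtual-address range
    end: int    # one past the last byte

    @property
    def size(self) -> int:
        return self.end - self.start

    @property
    def pages(self) -> int:
        return self.size // PAGE_SIZE


def parse_dump_name(name: str) -> MemoryDump:
    """Decode one dump file name; reject anything outside the inferred scheme."""
    m = DUMP_NAME.match(name)
    if not m:
        raise ValueError(f"not a sandbox memory dump name: {name!r}")
    dump = MemoryDump(int(m["pid"]), int(m["seq"]), int(m["start"], 16), int(m["end"], 16))
    if dump.end <= dump.start:
        raise ValueError(f"end address not above start in {name!r}")
    return dump


def distinct_regions(names) -> dict:
    """Map pid -> sorted unique (start, end) ranges, so repeated dumps of the
    same region collapse into one entry."""
    regions = {}
    for name in names:
        d = parse_dump_name(name)
        regions.setdefault(d.pid, set()).add((d.start, d.end))
    return {pid: sorted(r) for pid, r in regions.items()}


if __name__ == "__main__":
    for name in REPORT_DUMPS:
        d = parse_dump_name(name)
        print(f"pid {d.pid} dump {d.seq}: 0x{d.start:016X}-0x{d.end:016X} "
              f"({d.size:#x} bytes, {d.pages} pages)")
    print(distinct_regions(REPORT_DUMPS))
```

Both runs dumped a single region of roughly 10 MB (0x99D000 bytes on win7, 0x9A0000 on win10), and the win7 run dumped it twice; the collapsed view tells an analyst there is one region per process to carve or hash, not three.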