blacknet | c3cad420d5e8e63d11b2b00d198db8cdf12018ab7080f870b21e29f89a897868 | Triage

Submit
Reports

Overview

overview

Static

static

17e73f5c5a...7b.exe

windows7_x64

17e73f5c5a...7b.exe

windows10_x64

Sharing

General

Target

17e73f5c5a7ffa3797a0bdc1816d347b.exe
Size

116KB
Sample

210421-tk9jjt8s6j
MD5

17e73f5c5a7ffa3797a0bdc1816d347b
SHA1

1f7266ab6bd84cb14c9ea97f03260aa4cc363135
SHA256

c3cad420d5e8e63d11b2b00d198db8cdf12018ab7080f870b21e29f89a897868
SHA512

66eea79ef843663ef26596c56f3a98119b2aa7ed3d302ddcb56a523cd61bb392de7276a7d8a63b23d2daa3685ab87d1910e4c5e35ace1458fa74c8b1baf8afd3

Score

10^/10

blacknet 94qf3s persistence trojan

Static task

static1

94qf3s blacknet

Behavioral task

behavioral1

Sample

17e73f5c5a7ffa3797a0bdc1816d347b.exe

Resource

win7v20210408

blacknet 94qf3s persistence trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

17e73f5c5a7ffa3797a0bdc1816d347b.exe

Resource

win10v20210410

blacknet 94qf3s persistence trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

blacknet

Version

v3.7.0 Public

Botnet

94qF3s

C2

http://www.rtmmodz.a2hosted.com/

Mutex

BN[dbdb82ae7c8fe0]

Attributes

antivm
false
elevate_uac
false
install_name
WindowsUpdate.exe
splitter
|BN|
start_name
e162b1333458a713bc6916cc8ac4110c
startup
false
usb_spread
false

Targets

- Target
  
  17e73f5c5a7ffa3797a0bdc1816d347b.exe
- Size
  
  116KB
- MD5
  
  17e73f5c5a7ffa3797a0bdc1816d347b
- SHA1
  
  1f7266ab6bd84cb14c9ea97f03260aa4cc363135
- SHA256
  
  c3cad420d5e8e63d11b2b00d198db8cdf12018ab7080f870b21e29f89a897868
- SHA512
  
  66eea79ef843663ef26596c56f3a98119b2aa7ed3d302ddcb56a523cd61bb392de7276a7d8a63b23d2daa3685ab87d1910e4c5e35ace1458fa74c8b1baf8afd3
Score

10^/10

blacknet 94qf3s persistence trojan
- BlackNET
  BlackNET is an open source remote access tool written in VB.NET.
  trojan blacknet
- BlackNET Payload
- Contains code to disable Windows Defender
  A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

blacknet94qf3spersistencetrojan

behavioral2

blacknet94qf3spersistencetrojan

© 2018-2024

Terms | Privacy