General

  • Target

    Launcher.bin

  • Size

    124KB

  • Sample

    210726-bcetdxaqja

  • MD5

    40c9946204cea15489c3a70b81b5efc4

  • SHA1

    a0471872910573f1bb166dd69f3e11ed9eb04ed2

  • SHA256

    e39546fbb5714be7f87be265c98286366b4d2cc6cbafe0d4c71bf95da856f118

  • SHA512

    04f07054611c2be0a8f36cf6805eb8a39cce0c7c3f1a3ec255569e3fbbf2d4cc89081b579184405ffcc215a7429ba1108736d8ae6841ea380050c0828653ef05

Malware Config

Extracted

  • Family

    blacknet

  • Version

    v3.6.0 Public

  • Botnet

    Hello

  • C2

    http://141.95.21.84

  • Mutex

    BN[lEBYtSLH-5805348]

Attributes
  • antivm

    false

  • elevate_uac

    false

  • install_name

    WindowsUpdate.exe

  • splitter

    |BN|

  • start_name

    68b4a4f47850fb62cd2157162048241c

  • startup

    true

  • usb_spread

    false

Targets

    • Target

      Launcher.bin

    • BlackNET

      BlackNET is an open source remote access tool written in VB.NET.

    • BlackNET Payload

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Matrix (ATT&CK v6)

  • Persistence

    Registry Run Keys / Startup Folder (T1060)

  • Defense Evasion

    Modify Registry (T1112)

  • Discovery

    System Information Discovery (T1082)
