blacknet | e39546fbb5714be7f87be265c98286366b4d2cc6cbafe0d4c71bf95da856f118 | Triage

Sharing

General

Target

Launcher.bin
Size

124KB
Sample

210726-bcetdxaqja
MD5

40c9946204cea15489c3a70b81b5efc4
SHA1

a0471872910573f1bb166dd69f3e11ed9eb04ed2
SHA256

e39546fbb5714be7f87be265c98286366b4d2cc6cbafe0d4c71bf95da856f118
SHA512

04f07054611c2be0a8f36cf6805eb8a39cce0c7c3f1a3ec255569e3fbbf2d4cc89081b579184405ffcc215a7429ba1108736d8ae6841ea380050c0828653ef05

Score

10^/10

blacknet hello persistence trojan

Malware Config

Extracted

Family

blacknet

Version

v3.6.0 Public

Botnet

Hello

C2

http://141.95.21.84

Mutex

BN[lEBYtSLH-5805348]

Attributes

antivm
false
elevate_uac
false
install_name
WindowsUpdate.exe
splitter
|BN|
start_name
68b4a4f47850fb62cd2157162048241c
startup
true
usb_spread
false

Targets

- Target
  
  Launcher.bin
- Size
  
  124KB
- MD5
  
  40c9946204cea15489c3a70b81b5efc4
- SHA1
  
  a0471872910573f1bb166dd69f3e11ed9eb04ed2
- SHA256
  
  e39546fbb5714be7f87be265c98286366b4d2cc6cbafe0d4c71bf95da856f118
- SHA512
  
  04f07054611c2be0a8f36cf6805eb8a39cce0c7c3f1a3ec255569e3fbbf2d4cc89081b579184405ffcc215a7429ba1108736d8ae6841ea380050c0828653ef05
Score

10^/10

blacknet trojan hello persistence
- BlackNET
  BlackNET is an open source remote access tool written in VB.NET.
  trojan blacknet
- BlackNET Payload
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

blacknethellopersistencetrojan