Malware Analysis Report

2024-11-15 09:20

Sample ID 220426-q744xsggam
Target BlackNET-3.7.0.1-main.zip
SHA256 20bf75969b459b94db82628f823b996b5ff429ab8a37789f8cfdd05ea0904e6c
Tags
[id] miner blacknet xmrig
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral12

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral25

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral30

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral26

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral19

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral32

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral10

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral31

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral13

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral17

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral18

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral5

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral8

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral11

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral23

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral24

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral7

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral14

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral15

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral20

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral22

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral28

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral9

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral29

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral6

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral16

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral21

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral27

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

20bf75969b459b94db82628f823b996b5ff429ab8a37789f8cfdd05ea0904e6c

Threat Level: Known bad

The file BlackNET-3.7.0.1-main.zip was found to be: Known bad.

Malicious Activity Summary

[id] miner blacknet xmrig

BlackNET Payload

Blacknet family

Contains code to disable Windows Defender

XMRig Miner Payload

Xmrig family

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2022-04-26 13:55

Signatures

BlackNET Payload

Description Indicator Process Target
N/A N/A N/A N/A

Blacknet family

blacknet

Contains code to disable Windows Defender

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

XMRig Miner Payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Xmrig family

xmrig

Analysis: behavioral12

Detonation Overview

Submitted

2022-04-26 13:55

Reported

2022-04-26 13:58

Platform

win10v2004-20220414-en

Max time kernel

138s

Max time network

145s

Command Line

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\BlackNET-3.7.0.1-main\BlackNET - Plugins Source Code\PasswordStealer\PasswordStealer\Firefox\FFReader.vbs"

Signatures

N/A

Processes

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\BlackNET-3.7.0.1-main\BlackNET - Plugins Source Code\PasswordStealer\PasswordStealer\Firefox\FFReader.vbs"

Network

Country Destination Domain Proto
US 67.24.25.254:80 tcp
US 20.189.173.12:443 tcp
US 8.238.20.126:80 tcp
US 8.238.20.126:80 tcp
US 8.238.20.126:80 tcp

Files

N/A

Analysis: behavioral25

Detonation Overview

Submitted

2022-04-26 13:55

Reported

2022-04-26 13:58

Platform

win7-20220414-en

Max time kernel

39s

Max time network

46s

Command Line

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\BlackNET-3.7.0.1-main\BlackNET - Source Code\BlackNET Builder\BlackNET Builder\Main.vbs"

Signatures

N/A

Processes

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\BlackNET-3.7.0.1-main\BlackNET - Source Code\BlackNET Builder\BlackNET Builder\Main.vbs"

Network

N/A

Files

N/A

Analysis: behavioral30

Detonation Overview

Submitted

2022-04-26 13:55

Reported

2022-04-26 13:58

Platform

win10v2004-20220414-en

Max time kernel

153s

Max time network

177s

Command Line

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\BlackNET-3.7.0.1-main\BlackNET - Source Code\BlackNET Builder\BlackNET Builder\My Project\Resources.vbs"

Signatures

N/A

Processes

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\BlackNET-3.7.0.1-main\BlackNET - Source Code\BlackNET Builder\BlackNET Builder\My Project\Resources.vbs"

Network

Country Destination Domain Proto
NL 104.110.191.140:80 tcp
US 20.189.173.4:443 tcp

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2022-04-26 13:55

Reported

2022-04-26 13:58

Platform

win7-20220414-en

Max time kernel

42s

Max time network

48s

Command Line

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\BlackNET-3.7.0.1-main\BlackNET - Plugins Source Code\FileSearcher\FileSearcher\My Project\Resources.vbs"

Signatures

N/A

Processes

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\BlackNET-3.7.0.1-main\BlackNET - Plugins Source Code\FileSearcher\FileSearcher\My Project\Resources.vbs"

Network

N/A

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2022-04-26 13:55

Reported

2022-04-26 13:58

Platform

win10v2004-20220414-en

Max time kernel

89s

Max time network

183s

Command Line

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\BlackNET-3.7.0.1-main\BlackNET - Plugins Source Code\FileSearcher\FileSearcher\My Project\Resources.vbs"

Signatures

N/A

Processes

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\BlackNET-3.7.0.1-main\BlackNET - Plugins Source Code\FileSearcher\FileSearcher\My Project\Resources.vbs"

Network

Country Destination Domain Proto
US 20.189.173.2:443 tcp
NL 104.110.191.133:80 tcp
NL 104.110.191.133:80 tcp
NL 104.110.191.133:80 tcp

Files

N/A

Analysis: behavioral26

Detonation Overview

Submitted

2022-04-26 13:55

Reported

2022-04-26 13:58

Platform

win10v2004-20220414-en

Max time kernel

121s

Max time network

161s

Command Line

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\BlackNET-3.7.0.1-main\BlackNET - Source Code\BlackNET Builder\BlackNET Builder\Main.vbs"

Signatures

N/A

Processes

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\BlackNET-3.7.0.1-main\BlackNET - Source Code\BlackNET Builder\BlackNET Builder\Main.vbs"

Network

Country Destination Domain Proto
NL 67.26.105.254:80 tcp
US 20.189.173.10:443 tcp
US 67.24.25.254:80 tcp
US 67.24.25.254:80 tcp
US 67.24.25.254:80 tcp

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2022-04-26 13:55

Reported

2022-04-26 13:58

Platform

win10v2004-20220414-en

Max time kernel

145s

Max time network

152s

Command Line

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\BlackNET-3.7.0.1-main\BlackNET - Plugins Source Code\FileSearcher\FileSearcher\FileSearcher.vbs"

Signatures

N/A

Processes

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\BlackNET-3.7.0.1-main\BlackNET - Plugins Source Code\FileSearcher\FileSearcher\FileSearcher.vbs"

Network

Country Destination Domain Proto
US 209.197.3.8:80 tcp
IE 13.69.239.73:443 tcp
US 67.26.211.254:80 tcp
US 67.26.211.254:80 tcp
US 93.184.220.29:80 tcp
US 204.79.197.203:80 tcp

Files

N/A

Analysis: behavioral19

Detonation Overview

Submitted

2022-04-26 13:55

Reported

2022-04-26 13:58

Platform

win7-20220414-en

Max time kernel

21s

Max time network

40s

Command Line

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\BlackNET-3.7.0.1-main\BlackNET - Plugins Source Code\PasswordStealer\PasswordStealer\Utils\JsonReader.vbs"

Signatures

N/A

Processes

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\BlackNET-3.7.0.1-main\BlackNET - Plugins Source Code\PasswordStealer\PasswordStealer\Utils\JsonReader.vbs"

Network

N/A

Files

N/A

Analysis: behavioral32

Detonation Overview

Submitted

2022-04-26 13:55

Reported

2022-04-26 13:58

Platform

win10v2004-20220414-en

Max time kernel

96s

Max time network

131s

Command Line

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\BlackNET-3.7.0.1-main\BlackNET - Source Code\BlackNET Builder\BlackNET Builder\Theme.vbs"

Signatures

N/A

Processes

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\BlackNET-3.7.0.1-main\BlackNET - Source Code\BlackNET Builder\BlackNET Builder\Theme.vbs"

Network

Country Destination Domain Proto
US 20.189.173.11:443 tcp
NL 104.110.191.140:80 tcp
BE 8.238.110.126:80 tcp

Files

N/A

Analysis: behavioral10

Detonation Overview

Submitted

2022-04-26 13:55

Reported

2022-04-26 13:58

Platform

win10v2004-20220414-en

Max time kernel

141s

Max time network

145s

Command Line

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\BlackNET-3.7.0.1-main\BlackNET - Plugins Source Code\PasswordStealer\PasswordStealer\Firefox\FFDecrypter.vbs"

Signatures

N/A

Processes

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\BlackNET-3.7.0.1-main\BlackNET - Plugins Source Code\PasswordStealer\PasswordStealer\Firefox\FFDecrypter.vbs"

Network

Country Destination Domain Proto
GB 173.222.211.107:80 tcp
GB 173.222.211.107:80 tcp
US 8.8.8.8:53 15.89.54.20.in-addr.arpa udp
IE 13.69.239.72:443 tcp
BE 8.238.110.126:80 tcp
BE 8.238.110.126:80 tcp
NL 104.123.41.162:80 tcp

Files

N/A

Analysis: behavioral31

Detonation Overview

Submitted

2022-04-26 13:55

Reported

2022-04-26 13:58

Platform

win7-20220414-en

Max time kernel

35s

Max time network

47s

Command Line

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\BlackNET-3.7.0.1-main\BlackNET - Source Code\BlackNET Builder\BlackNET Builder\Theme.vbs"

Signatures

N/A

Processes

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\BlackNET-3.7.0.1-main\BlackNET - Source Code\BlackNET Builder\BlackNET Builder\Theme.vbs"

Network

N/A

Files

N/A

Analysis: behavioral13

Detonation Overview

Submitted

2022-04-26 13:55

Reported

2022-04-26 13:58

Platform

win7-20220414-en

Max time kernel

20s

Max time network

41s

Command Line

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\BlackNET-3.7.0.1-main\BlackNET - Plugins Source Code\PasswordStealer\PasswordStealer\My Project\Resources.vbs"

Signatures

N/A

Processes

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\BlackNET-3.7.0.1-main\BlackNET - Plugins Source Code\PasswordStealer\PasswordStealer\My Project\Resources.vbs"

Network

N/A

Files

N/A

Analysis: behavioral17

Detonation Overview

Submitted

2022-04-26 13:55

Reported

2022-04-26 13:58

Platform

win7-20220414-en

Max time kernel

37s

Max time network

48s

Command Line

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\BlackNET-3.7.0.1-main\BlackNET - Plugins Source Code\PasswordStealer\PasswordStealer\Stealer.vbs"

Signatures

N/A

Processes

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\BlackNET-3.7.0.1-main\BlackNET - Plugins Source Code\PasswordStealer\PasswordStealer\Stealer.vbs"

Network

N/A

Files

N/A

Analysis: behavioral18

Detonation Overview

Submitted

2022-04-26 13:55

Reported

2022-04-26 13:58

Platform

win10v2004-20220414-en

Max time kernel

48s

Max time network

110s

Command Line

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\BlackNET-3.7.0.1-main\BlackNET - Plugins Source Code\PasswordStealer\PasswordStealer\Stealer.vbs"

Signatures

N/A

Processes

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\BlackNET-3.7.0.1-main\BlackNET - Plugins Source Code\PasswordStealer\PasswordStealer\Stealer.vbs"

Network

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2022-04-26 13:55

Reported

2022-04-26 13:58

Platform

win7-20220414-en

Max time kernel

37s

Max time network

47s

Command Line

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\BlackNET-3.7.0.1-main\BlackNET - Plugins Source Code\PasswordStealer\PasswordStealer\Chrome\AesGcm.vbs"

Signatures

N/A

Processes

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\BlackNET-3.7.0.1-main\BlackNET - Plugins Source Code\PasswordStealer\PasswordStealer\Chrome\AesGcm.vbs"

Network

Country Destination Domain Proto
US 93.184.220.29:80 tcp

Files

N/A

Analysis: behavioral8

Detonation Overview

Submitted

2022-04-26 13:55

Reported

2022-04-26 13:58

Platform

win10v2004-20220414-en

Max time kernel

70s

Max time network

103s

Command Line

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\BlackNET-3.7.0.1-main\BlackNET - Plugins Source Code\PasswordStealer\PasswordStealer\Chrome\Chromium.vbs"

Signatures

N/A

Processes

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\BlackNET-3.7.0.1-main\BlackNET - Plugins Source Code\PasswordStealer\PasswordStealer\Chrome\Chromium.vbs"

Network

Country Destination Domain Proto
US 20.189.173.14:443 tcp
NL 104.110.191.140:80 tcp

Files

N/A

Analysis: behavioral11

Detonation Overview

Submitted

2022-04-26 13:55

Reported

2022-04-26 13:58

Platform

win7-20220414-en

Max time kernel

40s

Max time network

46s

Command Line

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\BlackNET-3.7.0.1-main\BlackNET - Plugins Source Code\PasswordStealer\PasswordStealer\Firefox\FFReader.vbs"

Signatures

N/A

Processes

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\BlackNET-3.7.0.1-main\BlackNET - Plugins Source Code\PasswordStealer\PasswordStealer\Firefox\FFReader.vbs"

Network

N/A

Files

N/A

Analysis: behavioral23

Detonation Overview

Submitted

2022-04-26 13:55

Reported

2022-04-26 13:58

Platform

win7-20220414-en

Max time kernel

37s

Max time network

47s

Command Line

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\BlackNET-3.7.0.1-main\BlackNET - Source Code\BlackNET Builder\BlackNET Builder\IconChanger.vbs"

Signatures

N/A

Processes

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\BlackNET-3.7.0.1-main\BlackNET - Source Code\BlackNET Builder\BlackNET Builder\IconChanger.vbs"

Network

N/A

Files

N/A

Analysis: behavioral24

Detonation Overview

Submitted

2022-04-26 13:55

Reported

2022-04-26 13:58

Platform

win10v2004-20220414-en

Max time kernel

143s

Max time network

150s

Command Line

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\BlackNET-3.7.0.1-main\BlackNET - Source Code\BlackNET Builder\BlackNET Builder\IconChanger.vbs"

Signatures

N/A

Processes

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\BlackNET-3.7.0.1-main\BlackNET - Source Code\BlackNET Builder\BlackNET Builder\IconChanger.vbs"

Network

Country Destination Domain Proto
NL 8.238.24.126:80 tcp
NL 8.238.24.126:80 tcp
US 93.184.220.29:80 tcp
US 93.184.220.29:80 tcp
GB 51.104.15.252:443 tcp
NL 8.238.24.126:80 tcp
NL 8.238.24.126:80 tcp
NL 8.238.24.126:80 tcp
US 93.184.220.29:80 tcp
US 204.79.197.203:80 tcp
US 8.8.8.8:53 106.89.54.20.in-addr.arpa udp
US 8.8.8.8:53 0.e.0.0.0.0.0.0.0.0.0.0.0.0.0.0.3.0.0.0.4.0.c.0.0.3.0.1.3.0.6.2.ip6.arpa udp

Files

N/A

Analysis: behavioral7

Detonation Overview

Submitted

2022-04-26 13:55

Reported

2022-04-26 13:58

Platform

win7-20220414-en

Max time kernel

35s

Max time network

45s

Command Line

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\BlackNET-3.7.0.1-main\BlackNET - Plugins Source Code\PasswordStealer\PasswordStealer\Chrome\Chromium.vbs"

Signatures

N/A

Processes

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\BlackNET-3.7.0.1-main\BlackNET - Plugins Source Code\PasswordStealer\PasswordStealer\Chrome\Chromium.vbs"

Network

N/A

Files

N/A

Analysis: behavioral14

Detonation Overview

Submitted

2022-04-26 13:55

Reported

2022-04-26 13:58

Platform

win10v2004-20220414-en

Max time kernel

152s

Max time network

162s

Command Line

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\BlackNET-3.7.0.1-main\BlackNET - Plugins Source Code\PasswordStealer\PasswordStealer\My Project\Resources.vbs"

Signatures

N/A

Processes

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\BlackNET-3.7.0.1-main\BlackNET - Plugins Source Code\PasswordStealer\PasswordStealer\My Project\Resources.vbs"

Network

Country Destination Domain Proto
US 93.184.220.29:80 tcp
IE 13.69.239.73:443 tcp
US 8.8.8.8:53 106.89.54.20.in-addr.arpa udp
US 8.238.111.254:80 tcp
US 8.238.111.254:80 tcp
US 93.184.220.29:80 tcp
US 204.79.197.203:80 tcp

Files

N/A

Analysis: behavioral15

Detonation Overview

Submitted

2022-04-26 13:55

Reported

2022-04-26 13:58

Platform

win7-20220414-en

Max time kernel

38s

Max time network

45s

Command Line

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\BlackNET-3.7.0.1-main\BlackNET - Plugins Source Code\PasswordStealer\PasswordStealer\Other\Outlook.vbs"

Signatures

N/A

Processes

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\BlackNET-3.7.0.1-main\BlackNET - Plugins Source Code\PasswordStealer\PasswordStealer\Other\Outlook.vbs"

Network

N/A

Files

N/A

Analysis: behavioral20

Detonation Overview

Submitted

2022-04-26 13:55

Reported

2022-04-26 13:58

Platform

win10v2004-20220414-en

Max time kernel

105s

Max time network

130s

Command Line

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\BlackNET-3.7.0.1-main\BlackNET - Plugins Source Code\PasswordStealer\PasswordStealer\Utils\JsonReader.vbs"

Signatures

N/A

Processes

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\BlackNET-3.7.0.1-main\BlackNET - Plugins Source Code\PasswordStealer\PasswordStealer\Utils\JsonReader.vbs"

Network

Country Destination Domain Proto
NL 104.97.14.81:80 tcp
NL 52.178.17.2:443 tcp
NL 104.110.191.133:80 tcp
NL 104.110.191.133:80 tcp
FR 2.18.109.224:443 tcp
US 104.18.24.243:80 tcp
NL 104.123.41.162:80 tcp

Files

N/A

Analysis: behavioral22

Detonation Overview

Submitted

2022-04-26 13:55

Reported

2022-04-26 13:58

Platform

win10v2004-20220414-en

Max time kernel

66s

Max time network

126s

Command Line

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\BlackNET-3.7.0.1-main\BlackNET - Plugins Source Code\PasswordStealer\PasswordStealer\Utils\SQLiteHandler.vbs"

Signatures

N/A

Processes

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\BlackNET-3.7.0.1-main\BlackNET - Plugins Source Code\PasswordStealer\PasswordStealer\Utils\SQLiteHandler.vbs"

Network

Country Destination Domain Proto
US 13.89.178.27:443 tcp
US 209.197.3.8:80 tcp
NL 88.221.144.179:80 tcp

Files

N/A

Analysis: behavioral28

Detonation Overview

Submitted

2022-04-26 13:55

Reported

2022-04-26 13:58

Platform

win10v2004-20220414-en

Max time kernel

122s

Max time network

156s

Command Line

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\BlackNET-3.7.0.1-main\BlackNET - Source Code\BlackNET Builder\BlackNET Builder\Main.vbs"

Signatures

N/A

Processes

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\BlackNET-3.7.0.1-main\BlackNET - Source Code\BlackNET Builder\BlackNET Builder\Main.vbs"

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k appmodel -p -s camsvc

Network

Country Destination Domain Proto
NL 87.248.202.1:80 tcp
US 13.107.21.200:443 tcp
NL 104.97.14.81:80 tcp
NL 20.50.201.200:443 tcp
US 8.8.8.8:53 storesdk.dsx.mp.microsoft.com udp
NL 87.248.202.1:80 tcp
NL 87.248.202.1:80 tcp
US 8.8.8.8:53 storesdk.dsx.mp.microsoft.com udp
FR 2.18.109.224:443 storesdk.dsx.mp.microsoft.com tcp
US 8.8.8.8:53 store-images.s-microsoft.com udp
NL 104.123.41.133:80 store-images.s-microsoft.com tcp
NL 104.123.41.133:80 store-images.s-microsoft.com tcp
NL 104.123.41.133:80 store-images.s-microsoft.com tcp
US 8.8.8.8:53 tsfe.trafficshaping.dsp.mp.microsoft.com udp
IE 20.54.110.119:443 tsfe.trafficshaping.dsp.mp.microsoft.com tcp
US 8.8.8.8:53 dl.delivery.mp.microsoft.com udp
US 93.184.221.240:80 dl.delivery.mp.microsoft.com tcp
US 93.184.221.240:80 dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 tlu.dl.delivery.mp.microsoft.com udp
US 93.184.221.240:80 tlu.dl.delivery.mp.microsoft.com tcp
US 93.184.221.240:80 tlu.dl.delivery.mp.microsoft.com tcp
US 93.184.221.240:80 tlu.dl.delivery.mp.microsoft.com tcp
US 93.184.221.240:80 tlu.dl.delivery.mp.microsoft.com tcp
US 93.184.221.240:80 tlu.dl.delivery.mp.microsoft.com tcp
US 93.184.221.240:80 tlu.dl.delivery.mp.microsoft.com tcp
US 13.107.21.200:443 tcp
NL 8.248.3.254:80 tcp

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2022-04-26 13:55

Reported

2022-04-26 13:58

Platform

win7-20220414-en

Max time kernel

23s

Max time network

44s

Command Line

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\BlackNET-3.7.0.1-main\BlackNET - Plugins Source Code\FileSearcher\FileSearcher\FileSearcher.vbs"

Signatures

N/A

Processes

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\BlackNET-3.7.0.1-main\BlackNET - Plugins Source Code\FileSearcher\FileSearcher\FileSearcher.vbs"

Network

N/A

Files

N/A

Analysis: behavioral9

Detonation Overview

Submitted

2022-04-26 13:55

Reported

2022-04-26 13:58

Platform

win7-20220414-en

Max time kernel

23s

Max time network

44s

Command Line

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\BlackNET-3.7.0.1-main\BlackNET - Plugins Source Code\PasswordStealer\PasswordStealer\Firefox\FFDecrypter.vbs"

Signatures

N/A

Processes

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\BlackNET-3.7.0.1-main\BlackNET - Plugins Source Code\PasswordStealer\PasswordStealer\Firefox\FFDecrypter.vbs"

Network

N/A

Files

N/A

Analysis: behavioral29

Detonation Overview

Submitted

2022-04-26 13:55

Reported

2022-04-26 13:58

Platform

win7-20220414-en

Max time kernel

42s

Max time network

50s

Command Line

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\BlackNET-3.7.0.1-main\BlackNET - Source Code\BlackNET Builder\BlackNET Builder\My Project\Resources.vbs"

Signatures

N/A

Processes

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\BlackNET-3.7.0.1-main\BlackNET - Source Code\BlackNET Builder\BlackNET Builder\My Project\Resources.vbs"

Network

N/A

Files

N/A

Analysis: behavioral6

Detonation Overview

Submitted

2022-04-26 13:55

Reported

2022-04-26 13:58

Platform

win10v2004-20220414-en

Max time kernel

66s

Max time network

128s

Command Line

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\BlackNET-3.7.0.1-main\BlackNET - Plugins Source Code\PasswordStealer\PasswordStealer\Chrome\AesGcm.vbs"

Signatures

N/A

Processes

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\BlackNET-3.7.0.1-main\BlackNET - Plugins Source Code\PasswordStealer\PasswordStealer\Chrome\AesGcm.vbs"

Network

Country Destination Domain Proto
NL 104.110.191.133:80 tcp
US 20.189.173.9:443 tcp
NL 104.110.191.133:80 tcp

Files

N/A

Analysis: behavioral16

Detonation Overview

Submitted

2022-04-26 13:55

Reported

2022-04-26 13:58

Platform

win10v2004-20220414-en

Max time kernel

75s

Max time network

140s

Command Line

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\BlackNET-3.7.0.1-main\BlackNET - Plugins Source Code\PasswordStealer\PasswordStealer\Other\Outlook.vbs"

Signatures

N/A

Processes

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\BlackNET-3.7.0.1-main\BlackNET - Plugins Source Code\PasswordStealer\PasswordStealer\Other\Outlook.vbs"

Network

Country Destination Domain Proto
FR 2.18.109.224:443 tcp
FR 2.18.109.224:443 storesdk.dsx.mp.microsoft.com tcp
US 20.189.173.1:443 tcp
NL 178.79.208.1:80 tcp
US 104.18.25.243:80 tcp

Files

N/A

Analysis: behavioral21

Detonation Overview

Submitted

2022-04-26 13:55

Reported

2022-04-26 13:58

Platform

win7-20220414-en

Max time kernel

38s

Max time network

47s

Command Line

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\BlackNET-3.7.0.1-main\BlackNET - Plugins Source Code\PasswordStealer\PasswordStealer\Utils\SQLiteHandler.vbs"

Signatures

N/A

Processes

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\BlackNET-3.7.0.1-main\BlackNET - Plugins Source Code\PasswordStealer\PasswordStealer\Utils\SQLiteHandler.vbs"

Network

N/A

Files

N/A

Analysis: behavioral27

Detonation Overview

Submitted

2022-04-26 13:55

Reported

2022-04-26 13:58

Platform

win7-20220414-en

Max time kernel

34s

Max time network

45s

Command Line

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\BlackNET-3.7.0.1-main\BlackNET - Source Code\BlackNET Builder\BlackNET Builder\Main.vbs"

Signatures

N/A

Processes

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\BlackNET-3.7.0.1-main\BlackNET - Source Code\BlackNET Builder\BlackNET Builder\Main.vbs"

Network

N/A

Files

N/A