blacknet | dcb96304f914dad4a7766c66c5847fa13b872e6188e426ae59038c6e11e3c594 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-1703-x64

Sharing

General

Target

dcb96304f914dad4a7766c66c5847fa13b872e6188e426ae59038c6e11e3c594
Size

928KB
Sample

220828-ghk53sece3
MD5

a1cb188468d9e8699e98a07eec4e1a86
SHA1

ed41e241d733496ad0edcfe3c2270c55f55884ca
SHA256

dcb96304f914dad4a7766c66c5847fa13b872e6188e426ae59038c6e11e3c594
SHA512

8cf987d14158f78c69952a42dbbcc2861174331d034841a6d78e42926b470fa0e5f9a31740595b98b1c4e54028f6a9680d8790424f893918388d771c87438ce6
SSDEEP

12288:J4siGqKClDaPQ7xiGqKClDaPQ77CwMTnwtsX2aEiGqKClDaPQ7ViGqKClDaPQ7:JTfClh7xfClh72h2rfClh7VfClh7

Score

10^/10

blacknet uzvhe6 persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

dcb96304f914dad4a7766c66c5847fa13b872e6188e426ae59038c6e11e3c594.exe

Resource

win10-20220812-en

blacknet uzvhe6 persistence trojan

windows10-1703-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

blacknet

Version

v3.7.0 Public

Botnet

uzVHE6

C2

http://fakirlerclub.xyz/blacknet

Mutex

BN[fdc98aef8b987490ccd4d376d67d69a7]

Attributes

antivm
false
elevate_uac
false
install_name
WindowsUpdate.exe
splitter
|BN|
start_name
e162b1333458a713bc6916cc8ac4110c
startup
false
usb_spread
false

Targets

- Target
  
  dcb96304f914dad4a7766c66c5847fa13b872e6188e426ae59038c6e11e3c594
- Size
  
  928KB
- MD5
  
  a1cb188468d9e8699e98a07eec4e1a86
- SHA1
  
  ed41e241d733496ad0edcfe3c2270c55f55884ca
- SHA256
  
  dcb96304f914dad4a7766c66c5847fa13b872e6188e426ae59038c6e11e3c594
- SHA512
  
  8cf987d14158f78c69952a42dbbcc2861174331d034841a6d78e42926b470fa0e5f9a31740595b98b1c4e54028f6a9680d8790424f893918388d771c87438ce6
- SSDEEP
  
  12288:J4siGqKClDaPQ7xiGqKClDaPQ77CwMTnwtsX2aEiGqKClDaPQ7ViGqKClDaPQ7:JTfClh7xfClh72h2rfClh7VfClh7
Score

10^/10

blacknet uzvhe6 persistence trojan
- BlackNET
  BlackNET is an open source remote access tool written in VB.NET.
  trojan blacknet
- BlackNET payload
- Contains code to disable Windows Defender
  A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
- Modifies WinLogon for persistence
  persistence
- Downloads MZ/PE file
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

blacknetuzvhe6persistencetrojan

© 2018-2024

Terms | Privacy