blacknet | 7315ab3fbe785acb4ad597e8a3e00f494dd17aeeb7bb2b0753efb770162054c1 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-1703-x64

Sharing

General

Target

7315ab3fbe785acb4ad597e8a3e00f494dd17aeeb7bb2b0753efb770162054c1
Size

181KB
Sample

221104-fqlk5sdfbq
MD5

a580716c85ddeb8ec54931c0ad936681
SHA1

50a6d64889c3192dbf111cd0d24d46d1cf735177
SHA256

7315ab3fbe785acb4ad597e8a3e00f494dd17aeeb7bb2b0753efb770162054c1
SHA512

9960b9ec8d3819603f83d6a6743b51ed34676a3129d02fcc34179132ddc11358de6602834d95821631cc5682b4a5aaa7dfb1c550d3bb165e35c353484ed76229
SSDEEP

3072:s06SfVcCptVLSM7hBfx5pPrxkmiDsF3dJL29H13k78J:s0bmCpvLSohBFPreWFrL29H+4

Score

10^/10

blacknet smokeloader backdoor persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

7315ab3fbe785acb4ad597e8a3e00f494dd17aeeb7bb2b0753efb770162054c1.exe

Resource

win10-20220812-en

blacknet smokeloader backdoor persistence trojan

windows10-1703-x64

20 signatures

150 seconds

Malware Config

Targets

- Target
  
  7315ab3fbe785acb4ad597e8a3e00f494dd17aeeb7bb2b0753efb770162054c1
- Size
  
  181KB
- MD5
  
  a580716c85ddeb8ec54931c0ad936681
- SHA1
  
  50a6d64889c3192dbf111cd0d24d46d1cf735177
- SHA256
  
  7315ab3fbe785acb4ad597e8a3e00f494dd17aeeb7bb2b0753efb770162054c1
- SHA512
  
  9960b9ec8d3819603f83d6a6743b51ed34676a3129d02fcc34179132ddc11358de6602834d95821631cc5682b4a5aaa7dfb1c550d3bb165e35c353484ed76229
- SSDEEP
  
  3072:s06SfVcCptVLSM7hBfx5pPrxkmiDsF3dJL29H13k78J:s0bmCpvLSohBFPreWFrL29H+4
Score

10^/10

blacknet smokeloader backdoor persistence trojan
- BlackNET
  BlackNET is an open source remote access tool written in VB.NET.
  trojan blacknet
- BlackNET payload
- Contains code to disable Windows Defender
  A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Web Service

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

blacknetsmokeloaderbackdoorpersistencetrojan

© 2018-2025

Terms | Privacy