blacknet | 6dd503b0dcfb6aceafee5e02e3df1882d33a6abce7a0127c615354f2e0b788d9 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004-x64

Sharing

General

Target

6dd503b0dcfb6aceafee5e02e3df1882d33a6abce7a0127c615354f2e0b788d9
Size

185KB
Sample

221104-fxcxksbfg9
MD5

ce9fbdc93576a35bc2d232a48ed54366
SHA1

9fc9f4c0125b50572e631a8a1d51ebfd594d3335
SHA256

6dd503b0dcfb6aceafee5e02e3df1882d33a6abce7a0127c615354f2e0b788d9
SHA512

d501cde2cfcb04ae851aaa0ae7934b13a6ab64f6866cc0bfb1f9ee3c65f3fe9e48948a40c1494cfdcc00cce75398c1240dec4be7dde31cb961a4250bd8635543
SSDEEP

3072:y/0i3U/mrQ0cY+CwkntxUMbsYxq7qZKh6p:y/D3U+rQ0cY+t8txTs2q7q

Score

10^/10

blacknet persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

6dd503b0dcfb6aceafee5e02e3df1882d33a6abce7a0127c615354f2e0b788d9.exe

Resource

win10v2004-20220901-en

blacknet persistence trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

blacknet

Attributes

antivm
false
elevate_uac
false
install_name
splitter
start_name
startup
false
usb_spread
false

Targets

- Target
  
  6dd503b0dcfb6aceafee5e02e3df1882d33a6abce7a0127c615354f2e0b788d9
- Size
  
  185KB
- MD5
  
  ce9fbdc93576a35bc2d232a48ed54366
- SHA1
  
  9fc9f4c0125b50572e631a8a1d51ebfd594d3335
- SHA256
  
  6dd503b0dcfb6aceafee5e02e3df1882d33a6abce7a0127c615354f2e0b788d9
- SHA512
  
  d501cde2cfcb04ae851aaa0ae7934b13a6ab64f6866cc0bfb1f9ee3c65f3fe9e48948a40c1494cfdcc00cce75398c1240dec4be7dde31cb961a4250bd8635543
- SSDEEP
  
  3072:y/0i3U/mrQ0cY+CwkntxUMbsYxq7qZKh6p:y/D3U+rQ0cY+t8txTs2q7q
Score

10^/10

blacknet persistence trojan
- BlackNET
  BlackNET is an open source remote access tool written in VB.NET.
  trojan blacknet
- BlackNET payload
- Contains code to disable Windows Defender
  A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

blacknetpersistencetrojan

© 2018-2024

Terms | Privacy