Resubmissions
18/11/2022, 14:52
221118-r85mhshf55 108/11/2022, 14:30
221108-rvcpkscaa3 807/11/2022, 15:52
221107-tbh4csefh4 807/11/2022, 10:35
221107-mm5m6secgn 106/11/2022, 13:08
221106-qdjk5aehgj 905/11/2022, 20:23
221105-y589vsbhcj 805/11/2022, 16:11
221105-tm8s6aaggj 1005/11/2022, 07:34
221105-jd7jmaggal 804/11/2022, 20:40
221104-zgabascfgq 8General
-
Target
https://github.com
-
Sample
221104-rxzxwsgag2
Score
10/10
Malware Config
Extracted
Family
blacknet
Version
v3.6.0 Public
Botnet
Bot
C2
http://f0483357.xsph.ru/
Mutex
BN[PHfunXGI-6235724]
Attributes
-
antivm
true
-
elevate_uac
false
-
install_name
jusched.exe
-
splitter
|BN|
-
start_name
a5b002eacf54590ec8401ff6d3f920ee
-
startup
true
-
usb_spread
true
Extracted
Family
darkcomet
Botnet
Guest16
C2
gameservice.ddns.net:4320
Mutex
DC_MUTEX-WBUNVXD
Attributes
-
InstallPath
AudioDriver\taskhost.exe
-
gencode
EWSsWwgyJrUD
-
install
true
-
offline_keylogger
true
-
persistence
false
-
reg_key
AudioDriver
Targets
-
-
Target
https://github.com
Score10/10-
BlackNET
BlackNET is an open source remote access tool written in VB.NET.
-
BlackNET payload
-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Modifies WinLogon for persistence
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-