blacknet | 40b022c5ff2ecf2cfa11be4738839dbacafcfff233691256def7a1f2bdcd9060 | Triage

Submit
Reports

Overview

overview

Static

static

0x000a0000...57.exe

windows7-x64

0x000a0000...57.exe

windows10-2004-x64

Sharing

General

Target

0x000a0000000122f5-57.dat
Size

1.1MB
Sample

221112-ptasgsad3z
MD5

589cac94238870c8fdabc6262e5b3026
SHA1

d0c2fe2913f9a333b1402e42022f80b7d539b933
SHA256

40b022c5ff2ecf2cfa11be4738839dbacafcfff233691256def7a1f2bdcd9060
SHA512

d707e1b36599bd491d5ab29825969b3bfeb2fc1fc1f6fa906a0ad344eeddcef77565c55ad80bbe9a242139c217c0e08b3418ca79d1023bd494bc909e87ca0c57
SSDEEP

12288:gaJXLYjkwL4kIrgkRrVxkUcGkzkMMCwYoTtdYb9UtVyq/wEBHoCO9w9BJzWd8XUQ:gaJbMbL4wsxuGI08GZN8EOxJo

Score

10^/10

blacknet hacked trojan

Static task

static1

hacked blacknet

3 signatures

Behavioral task

behavioral1

Sample

0x000a0000000122f5-57.exe

Resource

win7-20220901-en

blacknet trojan

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

0x000a0000000122f5-57.exe

Resource

win10v2004-20220812-en

blacknet trojan

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

blacknet

Version

v3.5.1 Public

Botnet

HacKed

C2

http://noctorships.ga/BlackNET/Panel/

Mutex

BN[BNcJaNRq-7658837]

Attributes

antivm
true
elevate_uac
false
install_name
WindowsUpdate.exe
splitter
|BN|
start_name
a4f5fc179540a0b155d91b489e6811e2
startup
false
usb_spread
false

Targets

- Target
  
  0x000a0000000122f5-57.dat
- Size
  
  1.1MB
- MD5
  
  589cac94238870c8fdabc6262e5b3026
- SHA1
  
  d0c2fe2913f9a333b1402e42022f80b7d539b933
- SHA256
  
  40b022c5ff2ecf2cfa11be4738839dbacafcfff233691256def7a1f2bdcd9060
- SHA512
  
  d707e1b36599bd491d5ab29825969b3bfeb2fc1fc1f6fa906a0ad344eeddcef77565c55ad80bbe9a242139c217c0e08b3418ca79d1023bd494bc909e87ca0c57
- SSDEEP
  
  12288:gaJXLYjkwL4kIrgkRrVxkUcGkzkMMCwYoTtdYb9UtVyq/wEBHoCO9w9BJzWd8XUQ:gaJbMbL4wsxuGI08GZN8EOxJo
Score

10^/10

blacknet trojan
- BlackNET
  BlackNET is an open source remote access tool written in VB.NET.
  trojan blacknet
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy