General

  • Target

    0x000a0000000122f5-57.dat

  • Size

    1.1MB

  • Sample

    221112-ptasgsad3z

  • MD5

    589cac94238870c8fdabc6262e5b3026

  • SHA1

    d0c2fe2913f9a333b1402e42022f80b7d539b933

  • SHA256

    40b022c5ff2ecf2cfa11be4738839dbacafcfff233691256def7a1f2bdcd9060

  • SHA512

    d707e1b36599bd491d5ab29825969b3bfeb2fc1fc1f6fa906a0ad344eeddcef77565c55ad80bbe9a242139c217c0e08b3418ca79d1023bd494bc909e87ca0c57

  • SSDEEP

    12288:gaJXLYjkwL4kIrgkRrVxkUcGkzkMMCwYoTtdYb9UtVyq/wEBHoCO9w9BJzWd8XUQ:gaJbMbL4wsxuGI08GZN8EOxJo

Score
10/10

Malware Config

Extracted

Family

blacknet

Version

v3.5.1 Public

Botnet

HacKed

C2

http://noctorships.ga/BlackNET/Panel/

Mutex

BN[BNcJaNRq-7658837]

Attributes
  • antivm

    true

  • elevate_uac

    false

  • install_name

    WindowsUpdate.exe

  • splitter

    |BN|

  • start_name

    a4f5fc179540a0b155d91b489e6811e2

  • startup

    false

  • usb_spread

    false

Targets

    • Target

      0x000a0000000122f5-57.dat

    • Size

      1.1MB

    • MD5

      589cac94238870c8fdabc6262e5b3026

    • SHA1

      d0c2fe2913f9a333b1402e42022f80b7d539b933

    • SHA256

      40b022c5ff2ecf2cfa11be4738839dbacafcfff233691256def7a1f2bdcd9060

    • SHA512

      d707e1b36599bd491d5ab29825969b3bfeb2fc1fc1f6fa906a0ad344eeddcef77565c55ad80bbe9a242139c217c0e08b3418ca79d1023bd494bc909e87ca0c57

    • SSDEEP

      12288:gaJXLYjkwL4kIrgkRrVxkUcGkzkMMCwYoTtdYb9UtVyq/wEBHoCO9w9BJzWd8XUQ:gaJbMbL4wsxuGI08GZN8EOxJo

    Score
    10/10
    • BlackNET

      BlackNET is an open source remote access tool written in VB.NET.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

MITRE ATT&CK Enterprise v6

Tasks