blacknet | bf0dae2bf317f6fd26f8815792aa685671842fa9393cef61c394b37ff552595d | Triage

Submit
Reports

Overview

overview

Static

static

HEUR-Troja...6f.exe

windows7-x64

HEUR-Troja...6f.exe

windows10-2004-x64

Sharing

General

Target

HEUR-Trojan.Win32.Generic-bf0dae2bf317f6fd26f.exe
Size

206KB
Sample

221230-srbhsaba91
MD5

3917f35aed62a03adffbe0f22ff0d446
SHA1

7e2b3ffff8220e0b2b603e97343bfafcc7ea1079
SHA256

bf0dae2bf317f6fd26f8815792aa685671842fa9393cef61c394b37ff552595d
SHA512

3918e1f4b67f0195cff25a1326431ddf04ee173b50553e6ee4a0072879402388e16c5fcd6d9f2e6117e3b09b90496808776ba1fed5b92c6e69ab808949081911
SSDEEP

3072:OxkNWNo7HCdkVTYB+eztx3be/EKyNFna4FwX5F:sePHd5YB+eztlboZ8wX5

Score

10^/10

blacknet prueba trojan

Static task

static1

prueba blacknet

3 signatures

Behavioral task

behavioral1

Sample

HEUR-Trojan.Win32.Generic-bf0dae2bf317f6fd26f.exe

Resource

win7-20221111-en

blacknet prueba trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

HEUR-Trojan.Win32.Generic-bf0dae2bf317f6fd26f.exe

Resource

win10v2004-20221111-en

blacknet prueba trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

blacknet

Version

v3.7.0 Public

Botnet

PRUEBA

C2

http://74.208.16.112/net

Mutex

BN[]

Attributes

antivm
false
elevate_uac
false
install_name
WindowsUpdate.exe
splitter
|BN|
start_name
e162b1333458a713bc6916cc8ac4110c
startup
false
usb_spread
false

Targets

- Target
  
  HEUR-Trojan.Win32.Generic-bf0dae2bf317f6fd26f.exe
- Size
  
  206KB
- MD5
  
  3917f35aed62a03adffbe0f22ff0d446
- SHA1
  
  7e2b3ffff8220e0b2b603e97343bfafcc7ea1079
- SHA256
  
  bf0dae2bf317f6fd26f8815792aa685671842fa9393cef61c394b37ff552595d
- SHA512
  
  3918e1f4b67f0195cff25a1326431ddf04ee173b50553e6ee4a0072879402388e16c5fcd6d9f2e6117e3b09b90496808776ba1fed5b92c6e69ab808949081911
- SSDEEP
  
  3072:OxkNWNo7HCdkVTYB+eztx3be/EKyNFna4FwX5F:sePHd5YB+eztlboZ8wX5
Score

10^/10

blacknet prueba trojan
- BlackNET
  BlackNET is an open source remote access tool written in VB.NET.
  trojan blacknet
- BlackNET payload
- Contains code to disable Windows Defender
  A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blacknetpruebatrojan

behavioral2

blacknetpruebatrojan

© 2018-2024

Terms | Privacy