Overview

overview

10

Static

static

3

TTUSD186.097,08.exe

windows7-x64

10

TTUSD186.097,08.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    TTUSD186.097,08.exe

  • Size

    420KB

  • Sample

    230525-ehcgtsga22

  • MD5

    a1d2556073cf1dadf840627cedb4ee05

  • SHA1

    0cfab6747c5d53238e3027347659a51709cf36b2

  • SHA256

    00e6cd945214e899a23d2afba5c28b185037e0fc3286a78e5fb6f36668c2110b

  • SHA512

    50e15027d68c37ac9880276a26c45dc3660fc4d93fbb9e3c35b8f77f1648880f54475444753a5f5346597bd8e331313147fe8ba7cb8f0d34dfdd645a6593efdb

  • SSDEEP

    12288:cUEUGtlUW0rjwfas//M4Zjvz4G9TDMn6fB:cU0tlh0KagvzDMn2

Score
10/10
blacknethackedtrojan

Malware Config

Extracted

Family

blacknet

Version

v3.6.0 Public

Botnet

HacKed

C2

http://bankslip.info/nash/

Mutex

BN[HSMeOkUf-8793677]

Attributes
  • antivm

    false

  • elevate_uac

    false

  • install_name

    WindowsUpdate.exe

  • splitter

    |BN|

  • start_name

    a5b002eacf54590ec8401ff6d3f920ee

  • startup

    false

  • usb_spread

    false

Targets

    • Target

      TTUSD186.097,08.exe

    • Size

      420KB

    • MD5

      a1d2556073cf1dadf840627cedb4ee05

    • SHA1

      0cfab6747c5d53238e3027347659a51709cf36b2

    • SHA256

      00e6cd945214e899a23d2afba5c28b185037e0fc3286a78e5fb6f36668c2110b

    • SHA512

      50e15027d68c37ac9880276a26c45dc3660fc4d93fbb9e3c35b8f77f1648880f54475444753a5f5346597bd8e331313147fe8ba7cb8f0d34dfdd645a6593efdb

    • SSDEEP

      12288:cUEUGtlUW0rjwfas//M4Zjvz4G9TDMn6fB:cU0tlh0KagvzDMn2

    Score
    10/10
    blacknethackedtrojan

    • BlackNET

      BlackNET is an open source remote access tool written in VB.NET.

      trojanblacknet

    • BlackNET payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks