blacknet | 00e6cd945214e899a23d2afba5c28b185037e0fc3286a78e5fb6f36668c2110b | Triage

Submit
Reports

Overview

overview

Static

static

3

TTUSD186.097,08.exe

windows7-x64

TTUSD186.097,08.exe

windows10-2004-x64

Sharing

General

Target

TTUSD186.097,08.exe
Size

420KB
Sample

230525-ehcgtsga22
MD5

a1d2556073cf1dadf840627cedb4ee05
SHA1

0cfab6747c5d53238e3027347659a51709cf36b2
SHA256

00e6cd945214e899a23d2afba5c28b185037e0fc3286a78e5fb6f36668c2110b
SHA512

50e15027d68c37ac9880276a26c45dc3660fc4d93fbb9e3c35b8f77f1648880f54475444753a5f5346597bd8e331313147fe8ba7cb8f0d34dfdd645a6593efdb
SSDEEP

12288:cUEUGtlUW0rjwfas//M4Zjvz4G9TDMn6fB:cU0tlh0KagvzDMn2

Score

10^/10

blacknet hacked trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

TTUSD186.097,08.exe

Resource

win7-20230220-en

blacknet hacked trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

TTUSD186.097,08.exe

Resource

win10v2004-20230220-en

blacknet hacked trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

blacknet

Version

v3.6.0 Public

Botnet

HacKed

C2

http://bankslip.info/nash/

Mutex

BN[HSMeOkUf-8793677]

Attributes

antivm
false
elevate_uac
false
install_name
WindowsUpdate.exe
splitter
|BN|
start_name
a5b002eacf54590ec8401ff6d3f920ee
startup
false
usb_spread
false

Targets

- Target
  
  TTUSD186.097,08.exe
- Size
  
  420KB
- MD5
  
  a1d2556073cf1dadf840627cedb4ee05
- SHA1
  
  0cfab6747c5d53238e3027347659a51709cf36b2
- SHA256
  
  00e6cd945214e899a23d2afba5c28b185037e0fc3286a78e5fb6f36668c2110b
- SHA512
  
  50e15027d68c37ac9880276a26c45dc3660fc4d93fbb9e3c35b8f77f1648880f54475444753a5f5346597bd8e331313147fe8ba7cb8f0d34dfdd645a6593efdb
- SSDEEP
  
  12288:cUEUGtlUW0rjwfas//M4Zjvz4G9TDMn6fB:cU0tlh0KagvzDMn2
Score

10^/10

blacknet hacked trojan
- BlackNET
  BlackNET is an open source remote access tool written in VB.NET.
  trojan blacknet
- BlackNET payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

blacknethackedtrojan

behavioral2

blacknethackedtrojan

© 2018-2024

Terms | Privacy