blacknet | 12acc28c683190195fccfea230f47491c084d01f5d5fa975ba82135e1d0c8fa7 | Triage

Submit
Reports

Overview

overview

Static

static

3

dadsroots.exe

windows7-x64

dadsroots.exe

windows10-2004-x64

Sharing

General

Target

dadsroots.exe
Size

391KB
Sample

230525-mdm2rshc87
MD5

964a8c4317b2449ce3b1ba42806e00ff
SHA1

1bc9d7cc8dff6a6d3e9c46ff1c9966521e012b38
SHA256

12acc28c683190195fccfea230f47491c084d01f5d5fa975ba82135e1d0c8fa7
SHA512

73ab80afdee2a9d753d7a30bc8da25f28310451fdc7f4f510a7d32b9d999825205604f04e665290e17cd146892635750a16e3f6f7ae45cd509de3a0996569c45
SSDEEP

12288:NozV+S8l6vJGRaIUyVVtERhJhY0YO60nz:Na+S3MMDJXeQz

Score

10^/10

blacknet hacked trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

dadsroots.exe

Resource

win7-20230220-en

blacknet hacked trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

dadsroots.exe

Resource

win10v2004-20230221-en

blacknet hacked trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

blacknet

Version

v3.6.0 Public

Botnet

HacKed

C2

http://bankslip.info/dadsroots/

Mutex

BN[ZrDroiBx-5245469]

Attributes

antivm
false
elevate_uac
false
install_name
WindowsUpdate.exe
splitter
|BN|
start_name
a5b002eacf54590ec8401ff6d3f920ee
startup
false
usb_spread
false

Targets

- Target
  
  dadsroots.exe
- Size
  
  391KB
- MD5
  
  964a8c4317b2449ce3b1ba42806e00ff
- SHA1
  
  1bc9d7cc8dff6a6d3e9c46ff1c9966521e012b38
- SHA256
  
  12acc28c683190195fccfea230f47491c084d01f5d5fa975ba82135e1d0c8fa7
- SHA512
  
  73ab80afdee2a9d753d7a30bc8da25f28310451fdc7f4f510a7d32b9d999825205604f04e665290e17cd146892635750a16e3f6f7ae45cd509de3a0996569c45
- SSDEEP
  
  12288:NozV+S8l6vJGRaIUyVVtERhJhY0YO60nz:Na+S3MMDJXeQz
Score

10^/10

blacknet hacked trojan
- BlackNET
  BlackNET is an open source remote access tool written in VB.NET.
  trojan blacknet
- BlackNET payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

blacknethackedtrojan

behavioral2

blacknethackedtrojan

© 2018-2024

Terms | Privacy