blacknet | 636586494bbb8266d974ac3dd259d1290c94c96a98d00165c502aafbbca5447a | Triage

Submit
Reports

Overview

overview

Static

static

3

636586494b...7a.exe

windows7-x64

636586494b...7a.exe

windows10-2004-x64

Sharing

General

Target

636586494bbb8266d974ac3dd259d1290c94c96a98d00165c502aafbbca5447a.exe
Size

429KB
Sample

230609-nv5tksch3t
MD5

23f50c4bff4b1018a5b24dca1e9a525d
SHA1

366ae616becd1beaa884ab87659468921a32b8ab
SHA256

636586494bbb8266d974ac3dd259d1290c94c96a98d00165c502aafbbca5447a
SHA512

3b8f205a2ae57be0635f470411afeacf4c95f83594d415bd0472f6afa0f50ed1b04e29a65e2db48b7ead45357f5aa602a8427e200b7dbedf4611a2dd062bbb16
SSDEEP

12288:uFwqoSpOurJqsoXlkY70Oti5RmgNmz5sCB:ubowfon0Wijmww

Score

10^/10

blacknet hacked trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

636586494bbb8266d974ac3dd259d1290c94c96a98d00165c502aafbbca5447a.exe

Resource

win7-20230220-en

blacknet hacked trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

636586494bbb8266d974ac3dd259d1290c94c96a98d00165c502aafbbca5447a.exe

Resource

win10v2004-20230220-en

blacknet hacked trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

blacknet

Version

v3.6.0 Public

Botnet

HacKed

C2

http://bankslip.info/david/

Mutex

BN[lnUntCqW-7778345]

Attributes

antivm
false
elevate_uac
false
install_name
WindowsUpdate.exe
splitter
|BN|
start_name
a5b002eacf54590ec8401ff6d3f920ee
startup
false
usb_spread
false

Targets

- Target
  
  636586494bbb8266d974ac3dd259d1290c94c96a98d00165c502aafbbca5447a.exe
- Size
  
  429KB
- MD5
  
  23f50c4bff4b1018a5b24dca1e9a525d
- SHA1
  
  366ae616becd1beaa884ab87659468921a32b8ab
- SHA256
  
  636586494bbb8266d974ac3dd259d1290c94c96a98d00165c502aafbbca5447a
- SHA512
  
  3b8f205a2ae57be0635f470411afeacf4c95f83594d415bd0472f6afa0f50ed1b04e29a65e2db48b7ead45357f5aa602a8427e200b7dbedf4611a2dd062bbb16
- SSDEEP
  
  12288:uFwqoSpOurJqsoXlkY70Oti5RmgNmz5sCB:ubowfon0Wijmww
Score

10^/10

blacknet hacked trojan
- BlackNET
  BlackNET is an open source remote access tool written in VB.NET.
  trojan blacknet
- BlackNET payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blacknethackedtrojan

behavioral2

blacknethackedtrojan

© 2018-2024

Terms | Privacy