blacknet | 61317d21af36bf0640cbb2d71db860ce698a8cbe4cf38b433a4b04441ed1b7fe | Triage

Submit
Reports

Overview

overview

Static

static

3

636586494b...7a.exe

windows7-x64

636586494b...7a.exe

windows10-2004-x64

Sharing

General

Target

23f50c4bff4b1018a5b24dca1e9a525d.bin
Size

371KB
Sample

230611-bjq5tsgb83
MD5

d683feb9ea757cfd2ac0c914743769c6
SHA1

8557c0ff5ac8fdf3b00af6122d8e5c1d4a068565
SHA256

61317d21af36bf0640cbb2d71db860ce698a8cbe4cf38b433a4b04441ed1b7fe
SHA512

c0dad3c3062655ebd147807ee8e6297ea52191a5af98d043efb1a59f8f6563d757c9900776b08ee9e374eef2ebe0e1384751248f9fa4e116b74705f56097b0e0
SSDEEP

6144:VaEdOx33eIjv1dOSXFCyuKfwxOkzxzdsWCteMbL9G/CLTxeYnolUD8lOXjKlFMC/:gE833hd1FduKfwxOcCWmeMXNxfuUD1Xy

Score

10^/10

blacknet hacked trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

636586494bbb8266d974ac3dd259d1290c94c96a98d00165c502aafbbca5447a.exe

Resource

win7-20230220-en

blacknet hacked trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

636586494bbb8266d974ac3dd259d1290c94c96a98d00165c502aafbbca5447a.exe

Resource

win10v2004-20230220-en

blacknet hacked trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

blacknet

Version

v3.6.0 Public

Botnet

HacKed

C2

http://bankslip.info/david/

Mutex

BN[lnUntCqW-7778345]

Attributes

antivm
false
elevate_uac
false
install_name
WindowsUpdate.exe
splitter
|BN|
start_name
a5b002eacf54590ec8401ff6d3f920ee
startup
false
usb_spread
false

Targets

- Target
  
  636586494bbb8266d974ac3dd259d1290c94c96a98d00165c502aafbbca5447a.exe
- Size
  
  429KB
- MD5
  
  23f50c4bff4b1018a5b24dca1e9a525d
- SHA1
  
  366ae616becd1beaa884ab87659468921a32b8ab
- SHA256
  
  636586494bbb8266d974ac3dd259d1290c94c96a98d00165c502aafbbca5447a
- SHA512
  
  3b8f205a2ae57be0635f470411afeacf4c95f83594d415bd0472f6afa0f50ed1b04e29a65e2db48b7ead45357f5aa602a8427e200b7dbedf4611a2dd062bbb16
- SSDEEP
  
  12288:uFwqoSpOurJqsoXlkY70Oti5RmgNmz5sCB:ubowfon0Wijmww
Score

10^/10

blacknet hacked trojan
- BlackNET
  BlackNET is an open source remote access tool written in VB.NET.
  trojan blacknet
- BlackNET payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blacknethackedtrojan

behavioral2

blacknethackedtrojan

© 2018-2024

Terms | Privacy