General

  • Target

    122fadb5b266bfe5525a7b450e4c778f.bin

  • Size

    30KB

  • Sample

    230817-bc4scaee85

  • MD5

    d50c81af93dc24342375c98c224ae443

  • SHA1

    95dd87845add010be302ce3ed1c98d3d9f840f48

  • SHA256

    66bcd477b81b41b5a61555031d67212cdaba48d3b6bb559991c58c63de261153

  • SHA512

    b35d7a2082369296e647b58e7876126e613c37f524972afda01740c4f27c67d6dfdb14b2fc5b7e4d15dfcb1bd648ed88eaa1338b35e7d8ddd9c16e42907a4377

  • SSDEEP

    768:Y55MS981BB/cA1WQ0klAmpAnG4UcD32jyaa6JGbwPqOWqJ:YXsL///7pv4Uemeaa6gbwJf

Malware Config

Extracted

  • Family

    blacknet

  • Botnet

    asfdgs

  • C2

    http://google.com/pane

  • Mutex

    dfgBN[iCvlRabZ-7434932]

Attributes
  • antivm

    false

  • elevate_uac

    false

  • install_name

    WindowsUpdate.exe

  • splitter

    |BN|

  • start_name

    35dcbc7eb742dd4f1edfbccf7826c724

  • startup

    false

  • usb_spread

    true

Targets

    • Target

      c105e8c3286a2589c4bbdaefbd266cd45be414d08854e48b4aa43104cc48c510.exe

    • Size

      79KB

    • MD5

      122fadb5b266bfe5525a7b450e4c778f

    • SHA1

      6141866987d31e85a522ea3881110789e4d38893

    • SHA256

      c105e8c3286a2589c4bbdaefbd266cd45be414d08854e48b4aa43104cc48c510

    • SHA512

      4f19e9cdaa581cae9d7e9bd4e534339beba55f4cc550a0dfd5b79a6476b89e6a1c90a6ea67bf0d06f9b7663cccee657b07cbc95c05415ca0eeeaa9f5e62f9b0e

    • SSDEEP

      1536:AZuhD5z28TC2CYl9706u/GiPL1TgbSUPH4LgjCtYn:51306u/G0tgbSKHagj+Yn

    • BlackNET

      BlackNET is an open source remote access tool written in VB.NET.

    • BlackNET payload

    • Contains code to disable Windows Defender

      A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

    • Modifies Windows Defender Real-time Protection settings

    • Windows security modification

MITRE ATT&CK Matrix (ATT&CK v13)

Execution

  • Scheduled Task/Job

    T1053 (1)

Persistence

  • Create or Modify System Process

    T1543 (1)

    • Windows Service

      T1543.003 (1)

  • Scheduled Task/Job

    T1053 (1)

Privilege Escalation

  • Create or Modify System Process

    T1543 (1)

    • Windows Service

      T1543.003 (1)

  • Scheduled Task/Job

    T1053 (1)

Defense Evasion

  • Modify Registry

    T1112 (2)

  • Impair Defenses

    T1562 (2)

    • Disable or Modify Tools

      T1562.001 (2)

Discovery

  • System Information Discovery

    T1082 (1)

Tasks