blacknet | 66bcd477b81b41b5a61555031d67212cdaba48d3b6bb559991c58c63de261153 | Triage

Submit
Reports

Overview

overview

Static

static

c105e8c328...10.exe

windows7-x64

c105e8c328...10.exe

windows10-2004-x64

Sharing

General

Target

122fadb5b266bfe5525a7b450e4c778f.bin
Size

30KB
Sample

230817-bc4scaee85
MD5

d50c81af93dc24342375c98c224ae443
SHA1

95dd87845add010be302ce3ed1c98d3d9f840f48
SHA256

66bcd477b81b41b5a61555031d67212cdaba48d3b6bb559991c58c63de261153
SHA512

b35d7a2082369296e647b58e7876126e613c37f524972afda01740c4f27c67d6dfdb14b2fc5b7e4d15dfcb1bd648ed88eaa1338b35e7d8ddd9c16e42907a4377
SSDEEP

768:Y55MS981BB/cA1WQ0klAmpAnG4UcD32jyaa6JGbwPqOWqJ:YXsL///7pv4Uemeaa6gbwJf

Score

10^/10

blacknet asfdgs evasion trojan

Static task

static1

asfdgs blacknet

4 signatures

Behavioral task

behavioral1

Sample

c105e8c3286a2589c4bbdaefbd266cd45be414d08854e48b4aa43104cc48c510.exe

Resource

win7-20230712-en

blacknet asfdgs evasion trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

c105e8c3286a2589c4bbdaefbd266cd45be414d08854e48b4aa43104cc48c510.exe

Resource

win10v2004-20230703-en

blacknet asfdgs evasion trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

blacknet

Botnet

asfdgs

C2

http://google.com/pane

Mutex

dfgBN[iCvlRabZ-7434932]

Attributes

antivm
false
elevate_uac
false
install_name
WindowsUpdate.exe
splitter
|BN|
start_name
35dcbc7eb742dd4f1edfbccf7826c724
startup
false
usb_spread
true

Targets

- Target
  
  c105e8c3286a2589c4bbdaefbd266cd45be414d08854e48b4aa43104cc48c510.exe
- Size
  
  79KB
- MD5
  
  122fadb5b266bfe5525a7b450e4c778f
- SHA1
  
  6141866987d31e85a522ea3881110789e4d38893
- SHA256
  
  c105e8c3286a2589c4bbdaefbd266cd45be414d08854e48b4aa43104cc48c510
- SHA512
  
  4f19e9cdaa581cae9d7e9bd4e534339beba55f4cc550a0dfd5b79a6476b89e6a1c90a6ea67bf0d06f9b7663cccee657b07cbc95c05415ca0eeeaa9f5e62f9b0e
- SSDEEP
  
  1536:AZuhD5z28TC2CYl9706u/GiPL1TgbSUPH4LgjCtYn:51306u/G0tgbSKHagj+Yn
Score

10^/10

blacknet asfdgs evasion trojan
- BlackNET
  BlackNET is an open source remote access tool written in VB.NET.
  trojan blacknet
- BlackNET payload
- Contains code to disable Windows Defender
  A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Windows security modification
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Create or Modify System Process

Windows Service

Scheduled Task/Job

Privilege Escalation

Create or Modify System Process

Windows Service

Scheduled Task/Job

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blacknetasfdgsevasiontrojan

behavioral2

blacknetasfdgsevasiontrojan

© 2018-2024

Terms | Privacy