blacknet | a25f5a796b86f95ab6e7cfb0ad7f8bef109748ff4667477697dea597180d1d7a | Triage

Sharing

General

Target

2d745d5bb38d4bd8f13ff66551772efe
Size

1.1MB
Sample

231225-t2b3qshed2
MD5

2d745d5bb38d4bd8f13ff66551772efe
SHA1

6ccbd6fac2c228173b80caddaed057af5cc22d8d
SHA256

a25f5a796b86f95ab6e7cfb0ad7f8bef109748ff4667477697dea597180d1d7a
SHA512

70e736171ad1d5aee0d68b247fbe0afd415bc630399e4555a91dd43792794cd723912962a2a20f900a85bdd58040c20210c74e8f1b4456538003d18df7cae146
SSDEEP

24576:CcHSyExY6ViWhAkezLjJ9I9WSRJSBAIwDsJsT9dJdKspBBjgb:Coeb7ez7I9WdB5wDwsThdKspBBjg

Score

10^/10

blacknet persistence trojan

Malware Config

Targets

- Target
  
  2d745d5bb38d4bd8f13ff66551772efe
- Size
  
  1.1MB
- MD5
  
  2d745d5bb38d4bd8f13ff66551772efe
- SHA1
  
  6ccbd6fac2c228173b80caddaed057af5cc22d8d
- SHA256
  
  a25f5a796b86f95ab6e7cfb0ad7f8bef109748ff4667477697dea597180d1d7a
- SHA512
  
  70e736171ad1d5aee0d68b247fbe0afd415bc630399e4555a91dd43792794cd723912962a2a20f900a85bdd58040c20210c74e8f1b4456538003d18df7cae146
- SSDEEP
  
  24576:CcHSyExY6ViWhAkezLjJ9I9WSRJSBAIwDsJsT9dJdKspBBjgb:Coeb7ez7I9WdB5wDwsThdKspBBjg
Score

10^/10

blacknet trojan persistence
- BlackNET
  BlackNET is an open source remote access tool written in VB.NET.
  trojan blacknet
- Adds Run key to start application
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

blacknetpersistencetrojan