blacknet | 5b14d9674cbd536403423c9822182497469034a86ad12ced50ab02bdc9166cce | Triage

Submit
Reports

Overview

overview

Static

static

3

5de9dcc57b...dc.exe

windows7-x64

5de9dcc57b...dc.exe

windows10-2004-x64

Sharing

General

Target

5de9dcc57b578bf915e553ae272269dc
Size

684KB
Sample

240115-yb6a4sdggk
MD5

5de9dcc57b578bf915e553ae272269dc
SHA1

162ef6514901b7783261eb12f68f8798dc0e8f3d
SHA256

5b14d9674cbd536403423c9822182497469034a86ad12ced50ab02bdc9166cce
SHA512

98f2d30c39ef4706ed95579dfccf6e6637b5643c06c41dcc0dd4f61f6628f1d9691684b92699045b80486313fbb9d076e734419d83e31a036c36a1e30cd7dff5
SSDEEP

6144:XkKRDBCU++To9SLXGvRitOcpuAtk42a85SZvmSj/IHhiohh0RZHy4Y4uGtBzcVT:PgSLGI4AgJ5SZ9QHhhCXqGPz

Score

10^/10

blacknet d7tj7v evasion trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

5de9dcc57b578bf915e553ae272269dc.exe

Resource

win7-20231215-en

blacknet d7tj7v evasion trojan

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

5de9dcc57b578bf915e553ae272269dc.exe

Resource

win10v2004-20231215-en

blacknet d7tj7v evasion trojan

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Extracted

Family

blacknet

Version

v3.7.0 Public

Botnet

D7tJ7v

C2

http://officialcomerce1.xyz/lee

Mutex

BN[f9a1b17a]

Attributes

antivm
false
elevate_uac
false
install_name
WindowsUpdate.exe
splitter
|BN|
start_name
e162b1333458a713bc6916cc8ac4110c
startup
false
usb_spread
false

Targets

- Target
  
  5de9dcc57b578bf915e553ae272269dc
- Size
  
  684KB
- MD5
  
  5de9dcc57b578bf915e553ae272269dc
- SHA1
  
  162ef6514901b7783261eb12f68f8798dc0e8f3d
- SHA256
  
  5b14d9674cbd536403423c9822182497469034a86ad12ced50ab02bdc9166cce
- SHA512
  
  98f2d30c39ef4706ed95579dfccf6e6637b5643c06c41dcc0dd4f61f6628f1d9691684b92699045b80486313fbb9d076e734419d83e31a036c36a1e30cd7dff5
- SSDEEP
  
  6144:XkKRDBCU++To9SLXGvRitOcpuAtk42a85SZvmSj/IHhiohh0RZHy4Y4uGtBzcVT:PgSLGI4AgJ5SZ9QHhhCXqGPz
Score

10^/10

blacknet d7tj7v evasion trojan
- BlackNET
  BlackNET is an open source remote access tool written in VB.NET.
  trojan blacknet
- BlackNET payload
- Contains code to disable Windows Defender
  A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
- Looks for VirtualBox Guest Additions in registry
  evasion
- Looks for VMWare Tools registry key
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

System Information Discovery

Peripheral Device Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

blacknetd7tj7vevasiontrojan

behavioral2

blacknetd7tj7vevasiontrojan

© 2018-2024

Terms | Privacy