blacknet | 14490c9c139e9bc984781f8143a571e1f1f140c69a7cd12c34fc0bf20abb0889 | Triage

Submit
Reports

Overview

overview

Static

static

1

BAA73A9B35...14.exe

windows7-x64

BAA73A9B35...14.exe

windows10-2004-x64

Sharing

General

Target

BAA73A9B35BF02D8C56A1286BCD2D714.exe
Size

1.1MB
Sample

240128-xr23ysgcd6
MD5

baa73a9b35bf02d8c56a1286bcd2d714
SHA1

a179259548f9e81b65126130342f5b076c8b8a77
SHA256

14490c9c139e9bc984781f8143a571e1f1f140c69a7cd12c34fc0bf20abb0889
SHA512

02f75dafbd6cabc107fd681d0cc65991b0a21b16b713fba77db4928e78f1da23474ddb4535f8280dc56186da90e41adc7ad8b10ffde2d0b18ff494273021d644
SSDEEP

12288:DCwHtUz0qTqcXrwV+XinIBLAx9gKupscZ0PpHTzY8QGWlCL8K7XLlq95ZPFdmUG/:DCwHybsV/IOv6scZ0BzUfCz3+zsw8YS

Score

10^/10

blacknet zgrat hacked persistence rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

BAA73A9B35BF02D8C56A1286BCD2D714.exe

Resource

win7-20231215-en

blacknet zgrat hacked persistence rat trojan

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

BAA73A9B35BF02D8C56A1286BCD2D714.exe

Resource

win10v2004-20231215-en

blacknet zgrat hacked persistence rat trojan

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

blacknet

Version

v3.7.0 Public

Botnet

HacKed

C2

http://190.123.44.240

Mutex

BN[]

Attributes

antivm
false
elevate_uac
false
install_name
WindowsUpdate.exe
splitter
|BN|
start_name
e162b1333458a713bc6916cc8ac4110c
startup
true
usb_spread
false

Targets

- Target
  
  BAA73A9B35BF02D8C56A1286BCD2D714.exe
- Size
  
  1.1MB
- MD5
  
  baa73a9b35bf02d8c56a1286bcd2d714
- SHA1
  
  a179259548f9e81b65126130342f5b076c8b8a77
- SHA256
  
  14490c9c139e9bc984781f8143a571e1f1f140c69a7cd12c34fc0bf20abb0889
- SHA512
  
  02f75dafbd6cabc107fd681d0cc65991b0a21b16b713fba77db4928e78f1da23474ddb4535f8280dc56186da90e41adc7ad8b10ffde2d0b18ff494273021d644
- SSDEEP
  
  12288:DCwHtUz0qTqcXrwV+XinIBLAx9gKupscZ0PpHTzY8QGWlCL8K7XLlq95ZPFdmUG/:DCwHybsV/IOv6scZ0BzUfCz3+zsw8YS
Score

10^/10

blacknet zgrat hacked persistence rat trojan
- BlackNET
  BlackNET is an open source remote access tool written in VB.NET.
  trojan blacknet
- BlackNET payload
- Contains code to disable Windows Defender
  A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
- Detect ZGRat V1
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blacknetzgrathackedpersistencerattrojan

behavioral2

blacknetzgrathackedpersistencerattrojan

© 2018-2024

Terms | Privacy