General

  • Target: c14e74f1d39c962a0015521019131b3df3d48ebb44996c83c1569d3ad189e68e.exe
  • Size: 75KB
  • Sample: 240314-atfleagc79
  • MD5: 344392293aef0a7e7f30cbbde6e179c2
  • SHA1: 3a6197e3f0dcdba4c7b0e3ed25f88a2fc51fb3f9
  • SHA256: c14e74f1d39c962a0015521019131b3df3d48ebb44996c83c1569d3ad189e68e
  • SHA512: 529671e2417d8ff5620e4fd44d84abbb69b523ebf4e85ec637eccfb85d2150c4ba49d801148e0861510d83df109cb4554cfef046677c077caf5210c7c16518ac
  • SSDEEP: 1536:pZuhD5z28TC2WmvbTkN1PeITgbSUPH4LJ0tYIq:u/jTkNY+gbSKHaJoYI

Malware Config

Extracted

  • Family: blacknet
  • Botnet: HacKed
  • C2: http://dbhg.duckdns.org
  • Mutex: BN[ZGYKOnbZ-5872602]

Attributes

  • antivm: true
  • elevate_uac: false
  • install_name: WindowsUpdate.exe
  • splitter: |BN|
  • start_name: 35dcbc7eb742dd4f1edfbccf7826c724
  • startup: true
  • usb_spread: false

Targets

    • BlackNET: BlackNET is an open-source remote access tool written in VB.NET.
    • Adds Run key to start application

MITRE ATT&CK Matrix ATT&CK v13

Persistence
  • Boot or Logon Autostart Execution (T1547): 1
  • Registry Run Keys / Startup Folder (T1547.001): 1

Privilege Escalation
  • Boot or Logon Autostart Execution (T1547): 1
  • Registry Run Keys / Startup Folder (T1547.001): 1

Defense Evasion
  • Modify Registry (T1112): 1
