blacknet | 6577f67f432e72d7af868b787346e3a94fd8792fac7aa08e3c244560ece7384f | Triage

Submit
Reports

Overview

overview

Static

static

3

dynamic_loader.exe

windows11-21h2-x64

Sharing

General

Target

dynamic_loader.exe
Size

6.9MB
Sample

240919-e6nvrs1dnb
MD5

7a824d33fa3fa451da500ceb5b332607
SHA1

15c0a254c3ab0c9e83f19be4abbf96f9cb914544
SHA256

6577f67f432e72d7af868b787346e3a94fd8792fac7aa08e3c244560ece7384f
SHA512

a6d7a4b52f12c1787170b9387aa8e37fe09947e35cd7a991ae35733e3dd9e27530a181d027ff6c3dc8c67a1475273c0439db972280b428d0d4654e8402c3011e
SSDEEP

196608:tKRV2NBKA1HeT39Iig5Tet4Q4G/NsINyzWWAMYI93:WV2fj1+TtIiOS1NsIkzWWAcx

Score

10^/10

blacknet red-s defense_evasion discovery pyinstaller trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

dynamic_loader.exe

Resource

win11-20240802-en

blacknet red-s defense_evasion discovery trojan

windows11-21h2-x64

25 signatures

150 seconds

Malware Config

Extracted

Family

blacknet

Version

v3.7.0 Public

Botnet

RED-S

C2

https://fertileblack.scot/framework

Mutex

BN[]

Attributes

antivm
true
elevate_uac
false
install_name
WindowsUpdate.exe
splitter
|BN|
start_name
e162b1333458a713bc6916cc8ac4110c
startup
false
usb_spread
false

Targets

- Target
  
  dynamic_loader.exe
- Size
  
  6.9MB
- MD5
  
  7a824d33fa3fa451da500ceb5b332607
- SHA1
  
  15c0a254c3ab0c9e83f19be4abbf96f9cb914544
- SHA256
  
  6577f67f432e72d7af868b787346e3a94fd8792fac7aa08e3c244560ece7384f
- SHA512
  
  a6d7a4b52f12c1787170b9387aa8e37fe09947e35cd7a991ae35733e3dd9e27530a181d027ff6c3dc8c67a1475273c0439db972280b428d0d4654e8402c3011e
- SSDEEP
  
  196608:tKRV2NBKA1HeT39Iig5Tet4Q4G/NsINyzWWAMYI93:WV2fj1+TtIiOS1NsIkzWWAcx
Score

10^/10

blacknet red-s defense_evasion discovery trojan
- BlackNET
  BlackNET is an open source remote access tool written in VB.NET.
  trojan blacknet
- BlackNET payload
- Contains code to disable Windows Defender
  A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Subvert Trust Controls

SIP and Trust Provider Hijacking

Credential Access

Discovery

Browser Information Discovery

Query Registry

Remote System Discovery

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blacknetred-sdefense_evasiondiscoverytrojan

© 2018-2024

Terms | Privacy