While dissecting the BlackNET botnet panel, our HUNT team uncovered significant adversarial information:
BlackNET Panel & Builder: Initially developed in 2019, the BlackNET Malware-as-a-Service (#MaaS) panel serves as the operational backbone for client-side components such as #stealers, #bankers, and #loaders. Central to this process is the botnet builder, which we’ve reversed to understand its functionality.
Our investigation revealed the following capabilities:
- Generate unique victim IDs and distinct hash sums for data logged in the panel.
- Specify the destination and filename for the malicious file.
- Launch this file at a predetermined time.
- Add the malicious file to the startup processes.
- Ensure the malicious file doesn’t execute in a virtual environment, that is, in the kind of secure setting used for file checks.
- Conceal the activity of this file.
- Encrypt data.