General
-
Target
22d7d67c3af10b1a37f277ebabe2d1eb4fd25afbd6437d4377400e148bcc08d6
-
Size
67KB
-
MD5
598c53bfef81e489375f09792e487f1a
-
SHA1
80a29bd2c349a8588edf42653ed739054f9a10f5
-
SHA256
22d7d67c3af10b1a37f277ebabe2d1eb4fd25afbd6437d4377400e148bcc08d6
-
SHA512
6a82ad5009588d2fa343bef8d9d2a02e2e76eec14979487a929a96a6b6965e82265a69ef8dd29a01927e9713468de3aedd7b5ee5e79839a1a50649855a160c35
Score
10/10
Malware Config
Extracted
Family
blackmatter
Version
1.2
Botnet
512478c08dada2af19e49808fbda5b0b
Credentials
Protocol: smtp- Port:
587 - Username:
aheisler@hhcp.com - Password:
120Heisler
Protocol: smtp- Port:
587 - Username:
dsmith@hhcp.com - Password:
Tesla2019
Protocol: smtp- Port:
587 - Username:
administrator@hhcp.com - Password:
iteam8**
C2
https://paymenthacks.com
http://paymenthacks.com
https://mojobiden.com
http://mojobiden.com
Attributes
-
attempt_auth
true
-
create_mutex
true
-
encrypt_network_shares
true
-
exfiltrate
true
-
mount_volumes
true
rsa_pubkey.base64
aes.base64
Signatures
-
Blackmatter family
Files
-
22d7d67c3af10b1a37f277ebabe2d1eb4fd25afbd6437d4377400e148bcc08d6