General

  • Target

    5095304324087808.zip

  • Size

    41KB

  • MD5

    4e72c0ce46a26305c198196e03d90035

  • SHA1

    99b59b404fb31d3938a23181c1e02acef134678c

  • SHA256

    02ec55a8f4f97a84370ca72b03912ae8625d344b7bd1af92a2de4b636183f2ab

  • SHA512

    fa4c2e5f711dcf5b4546d95bc49b7ae088cb2a1bc88d9816dfab942e53a987eb582400667c1f4a78e7a95990be843d789241b837c075451de7f402af71603187

Malware Config

Extracted

Family

blackmatter

Version

1.2

Botnet

512478c08dada2af19e49808fbda5b0b

Credentials

  • Protocol:
    smtp
  • Port:
    587
  • Username:
    aheisler@hhcp.com
  • Password:
    120Heisler

  • Protocol:
    smtp
  • Port:
    587
  • Username:
    dsmith@hhcp.com
  • Password:
    Tesla2019

  • Protocol:
    smtp
  • Port:
    587
  • Username:
    administrator@hhcp.com
  • Password:
    iteam8**

C2

https://paymenthacks.com

http://paymenthacks.com

https://mojobiden.com

http://mojobiden.com
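As an added example, not part of this sandbox report, the Python below turns the four C2 URLs listed above into a hostname set and runs a few constructed proxy log lines against it. The log layout (timestamp, source IP, method, URL, status) and the sample lines are assumptions for illustration, not data from the report; matching is done on the host, so the http and https variants collapse into one indicator and subdomains of a C2 domain are caught while look-alike names such as notmojobiden.com are not.

```python
"""
Added example (not from the sandbox report): match proxy log lines against
the C2 hosts extracted from this BlackMatter 1.2 config.
"""
import re
from urllib.parse import urlsplit

# C2 URLs exactly as listed in the extracted config.
C2_URLS = [
    "https://paymenthacks.com",
    "http://paymenthacks.com",
    "https://mojobiden.com",
    "http://mojobiden.com",
]


def url_host(url):
    """Hostname of a URL; bare 'host:port' targets (CONNECT) get a '//' prefix
    so urlsplit treats them as a netloc instead of a scheme."""
    if "://" not in url:
        url = "//" + url
    host = urlsplit(url).hostname  # already lower-cased by urlsplit
    return host.rstrip(".") if host else None


def c2_hosts(urls):
    """Reduce the C2 URL list to a set of normalised hostnames."""
    return {h for h in (url_host(u) for u in urls) if h}


C2_HOSTS = c2_hosts(C2_URLS)


def host_matches(host, iocs):
    """True if host equals an IOC or is a subdomain of one (e.g. api.mojobiden.com)."""
    host = host.lower().rstrip(".")
    return any(host == ioc or host.endswith("." + ioc) for ioc in iocs)


# Assumed proxy log layout: "<ts> <src_ip> <method> <url> <status>".
LOG_RE = re.compile(r"^(?P<ts>\S+) (?P<src>\S+) (?P<method>\S+) (?P<url>\S+) (?P<status>\d+)$")


def scan_proxy_log(lines, iocs=C2_HOSTS):
    """Return (ts, src_ip, host) for every line whose destination host hits an IOC."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # unparsable line; skip rather than crash
        host = url_host(m["url"])
        if host and host_matches(host, iocs):
            hits.append((m["ts"], m["src"], host))
    return hits


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    "2021-08-01T10:00:01Z 10.0.0.5 GET https://www.example.com/index.html 200",
    "2021-08-01T10:00:07Z 10.0.0.5 POST https://paymenthacks.com/ 200",
    "2021-08-01T10:00:09Z 10.0.0.9 CONNECT MOJOBIDEN.COM:443 200",
    "2021-08-01T10:00:11Z 10.0.0.9 GET http://api.mojobiden.com/ 404",
    "2021-08-01T10:00:12Z 10.0.0.7 GET http://notmojobiden.com/ 200",
]

if __name__ == "__main__":
    for ts, src, host in scan_proxy_log(SAMPLE_LOG):
        print(f"{ts} {src} -> {host}")
```

The CONNECT line is the case worth keeping in mind: a TLS proxy records only `host:port`, and without the `//` prefix `urlsplit` would read `MOJOBIDEN.COM` as a URL scheme and return no hostname, silently dropping the hit.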

Attributes

  • attempt_auth

    true

  • create_mutex

    true

  • encrypt_network_shares

    true

  • exfiltrate

    true

  • mount_volumes

    true

rsa_pubkey.base64
aes.base64

Signatures

Files

  • 5095304324087808.zip
    .zip

    Password: infected

  • 22d7d67c3af10b1a37f277ebabe2d1eb4fd25afbd6437d4377400e148bcc08d6
    .exe windows x86