General

  • Target

    5095304324087808.zip

  • Size

    41KB

  • MD5

    4e72c0ce46a26305c198196e03d90035

  • SHA1

    99b59b404fb31d3938a23181c1e02acef134678c

  • SHA256

    02ec55a8f4f97a84370ca72b03912ae8625d344b7bd1af92a2de4b636183f2ab

  • SHA512

    fa4c2e5f711dcf5b4546d95bc49b7ae088cb2a1bc88d9816dfab942e53a987eb582400667c1f4a78e7a95990be843d789241b837c075451de7f402af71603187

Malware Config

Extracted

Family

blackmatter

Version

1.2

Botnet

512478c08dada2af19e49808fbda5b0b

Credentials
C2

https://paymenthacks.com

http://paymenthacks.com

https://mojobiden.com

http://mojobiden.com

Attributes
  • attempt_auth

    true

  • create_mutex

    true

  • encrypt_network_shares

    true

  • exfiltrate

    true

  • mount_volumes

    true

rsa_pubkey.base64
aes.base64

Signatures

Files

  • 5095304324087808.zip
    .zip

    Password: infected

  • 22d7d67c3af10b1a37f277ebabe2d1eb4fd25afbd6437d4377400e148bcc08d6
    .exe windows x86