General

  • Target

    520bd9ed608c668810971dbd51184c6a29819674280b018dc4027bc38fc42e57.exe

  • Size

    78KB

  • MD5

    50c4970003a84cab1bf2634631fe39d7

  • SHA1

    721a749cbd6afcd765e07902c17d5ab949b04e4a

  • SHA256

    520bd9ed608c668810971dbd51184c6a29819674280b018dc4027bc38fc42e57

  • SHA512

    fb210c92f7d1be9f9361b11dffd30fac78eeaadabf844a78a7dad00169f994d089c1cf4a037d6a1b82fddf35a6bfa34b8cbf216ce1786f407dfc015c72533504

Malware Config

Extracted

Family

blackmatter

Version

2.0

Botnet

24483508bccfe72e63b26a1233058170

C2

https://mojobiden.com

http://mojobiden.com

Attributes

  • attempt_auth

    false

  • create_mutex

    true

  • encrypt_network_shares

    true

  • exfiltrate

    true

  • mount_volumes

    true

  • rsa_pubkey.base64

  • aes.base64

Signatures

  • BlackMatter 1 IoCs

    Quick PoC rule for BlackMatter based on the first few function calls.

  • Blackmatter family

Files

  • 520bd9ed608c668810971dbd51184c6a29819674280b018dc4027bc38fc42e57.exe
    .exe windows x86