General

  • Target

    1247a68b960aa81b7517c614c12c8b5d1921d1d2fdf17be636079ad94caf970f

  • Size

    2.0MB

  • Sample

    210826-echn8c5dn6

  • MD5

    3f328e68ed4d59973f9c5b4f36545ab0

  • SHA1

    f2724c0abb93b6a1d3f6fcb59b88c2aebbd76031

  • SHA256

    1247a68b960aa81b7517c614c12c8b5d1921d1d2fdf17be636079ad94caf970f

  • SHA512

    905834e82f0144db00dcb49078792beb7c595dd0fca1937aace49be430919f6a43b84f239c46f9e9bd5e494c49eb5f4e3c18ad494eb311c44e5704e715a0d10d

Malware Config

Extracted

Family

blackmatter

Version

1.6.0.2

rsa_pubkey.plain
aes.plain

Targets

    Score
    9/10
    • Deletes system logs

    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.

    • Writes file to tmp directory

      Malware often drops required files in the /tmp directory.
