General

  • Target

    f7b3da61cb6a37569270554776dbbd1406d7203718c0419c922aa393c07e9884

  • Size

    78KB

  • MD5

    ead753c057b5c3888ed2484013400b82

  • SHA1

    e7de753b9f1e4e771f51f9dc044628288ea831bd

  • SHA256

    f7b3da61cb6a37569270554776dbbd1406d7203718c0419c922aa393c07e9884

  • SHA512

    fd6e2a1ddc79d313b12f84f1df91d45b3972b825e153dfc62fd02d4fb9af72c4a0d1d05fcd141ab21232c7e72c0571562533c418bff7233206c89309f623b564

Malware Config

Extracted

  • Family

    blackmatter

  • Version

    2.0

  • Botnet

    5ecf7b9cde33f85a3eec9350275b5c4f

  • C2

    https://mojobiden.com

    http://mojobiden.com

    https://nowautomation.com

    http://nowautomation.com

Attributes
  • attempt_auth

    false

  • create_mutex

    true

  • encrypt_network_shares

    true

  • exfiltrate

    true

  • mount_volumes

    true

rsa_pubkey.base64
aes.base64

Signatures

Files

  • f7b3da61cb6a37569270554776dbbd1406d7203718c0419c922aa393c07e9884
    .exe windows x86