Resubmissions

01-12-2021 14:23

211201-rqctsafhd9 10

02-09-2021 16:16

210902-tq712aagc7 10

General

  • Target

    d4645d2c29505cf10d1b201826c777b62cbf9d752cb1008bef1192e0dd545a82

  • Size

    2.0MB

  • Sample

    210902-tq712aagc7

  • MD5

    8729ec8b771cfb0134740c564cd7e965

  • SHA1

    d8de06e85d23afe38063f22ff0ef9cd597027122

  • SHA256

    d4645d2c29505cf10d1b201826c777b62cbf9d752cb1008bef1192e0dd545a82

  • SHA512

    1c049294744d906088327d332351da9739a561c1faf45e282e6afc9038c523abbd27a20619de947cf3782fcb76903a46f3a35258f0b80735b319319fbfc4bb5f

Malware Config

Extracted

Family

blackmatter

Version

1.6.0.4

Botnet

b0e039b42ef6c19c2189651c9f6c390e

C2

http://mojobiden.com

http://nowautomation.com

rsa_pubkey.plain
aes.plain

Targets

    • Target

      d4645d2c29505cf10d1b201826c777b62cbf9d752cb1008bef1192e0dd545a82

    • Size

      2.0MB

    • MD5

      8729ec8b771cfb0134740c564cd7e965

    • SHA1

      d8de06e85d23afe38063f22ff0ef9cd597027122

    • SHA256

      d4645d2c29505cf10d1b201826c777b62cbf9d752cb1008bef1192e0dd545a82

    • SHA512

      1c049294744d906088327d332351da9739a561c1faf45e282e6afc9038c523abbd27a20619de947cf3782fcb76903a46f3a35258f0b80735b319319fbfc4bb5f

    Score
    9/10
    • Deletes system logs

    • Modifies hosts file

      Adds to hosts file used for mapping hosts to IP addresses.

    • Writes DNS configuration

      Writes data to DNS resolver config file.

    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.

    • Reads CPU attributes

    • Writes file to tmp directory

      Malware often drops required files in the /tmp directory.

MITRE ATT&CK Enterprise v6

Tasks