General
-
Target
d4645d2c29505cf10d1b201826c777b62cbf9d752cb1008bef1192e0dd545a82
-
Size
2.0MB
-
Sample
210902-tq712aagc7
-
MD5
8729ec8b771cfb0134740c564cd7e965
-
SHA1
d8de06e85d23afe38063f22ff0ef9cd597027122
-
SHA256
d4645d2c29505cf10d1b201826c777b62cbf9d752cb1008bef1192e0dd545a82
-
SHA512
1c049294744d906088327d332351da9739a561c1faf45e282e6afc9038c523abbd27a20619de947cf3782fcb76903a46f3a35258f0b80735b319319fbfc4bb5f
Static task
static1
Behavioral task
behavioral1
Sample
d4645d2c29505cf10d1b201826c777b62cbf9d752cb1008bef1192e0dd545a82
Resource
ubuntu-amd64
Malware Config
Extracted
blackmatter
1.6.0.4
b0e039b42ef6c19c2189651c9f6c390e
http://mojobiden.com
http://nowautomation.com
Targets
-
Target
d4645d2c29505cf10d1b201826c777b62cbf9d752cb1008bef1192e0dd545a82
-
Score
9/10
-
Deletes system logs
-
Modifies hosts file
Adds to hosts file used for mapping hosts to IP addresses.
-
Writes DNS configuration
Writes data to DNS resolver config file.
-
Creates/modifies Cron job
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
-
Reads CPU attributes
-
Writes file to tmp directory
Malware often drops required files in the /tmp directory.
-