Malware Analysis Report

2024-10-24 18:40

Sample ID 210902-tq712aagc7
Target d4645d2c29505cf10d1b201826c777b62cbf9d752cb1008bef1192e0dd545a82
SHA256 d4645d2c29505cf10d1b201826c777b62cbf9d752cb1008bef1192e0dd545a82
Tags
b0e039b42ef6c19c2189651c9f6c390e blackmatter persistence
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V6

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

d4645d2c29505cf10d1b201826c777b62cbf9d752cb1008bef1192e0dd545a82

Threat Level: Known bad

The file d4645d2c29505cf10d1b201826c777b62cbf9d752cb1008bef1192e0dd545a82 was found to be: Known bad.

Malicious Activity Summary

b0e039b42ef6c19c2189651c9f6c390e blackmatter persistence

Blackmatter family

Deletes system logs

Modifies hosts file

Writes DNS configuration

Creates/modifies Cron job

Reads CPU attributes

Writes file to tmp directory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2021-09-02 16:16

Signatures

Blackmatter family

blackmatter

Analysis: behavioral1

Detonation Overview

Submitted

2021-09-02 16:16

Reported

2021-09-02 16:22

Platform

ubuntu-amd64

Max time kernel

0s

Max time network

285s

Command Line

[./d4645d2c29505cf10d1b201826c777b62cbf9d752cb1008bef1192e0dd545a82]

Signatures

Deletes system logs

Description Indicator Process Target
/var/log/apt /var/log/apt N/A N/A
/var/log/installer /var/log/installer N/A N/A
/var/log/installer/cdebconf /var/log/installer/cdebconf N/A N/A
/var/log/dist-upgrade /var/log/dist-upgrade N/A N/A
/var/log/journal /var/log/journal N/A N/A
/var/log/journal/a44f0fe52e404b679b7b2c5bbcd8d157 /var/log/journal/a44f0fe52e404b679b7b2c5bbcd8d157 N/A N/A

Modifies hosts file

Description Indicator Process Target
/etc/hosts /etc/hosts N/A N/A

Writes DNS configuration

Description Indicator Process Target
/etc/resolv.conf /etc/resolv.conf N/A N/A

Creates/modifies Cron job

persistence
Description Indicator Process Target
/var/spool/cron/crontabs /var/spool/cron/crontabs N/A N/A

Reads CPU attributes

Description Indicator Process Target
/sys/devices/system/cpu/online /sys/devices/system/cpu/online N/A N/A

Writes file to tmp directory

Description Indicator Process Target
/tmp/.DBFD055C-9CF2-4BB8-908E-6DA22321BF17 /tmp/.DBFD055C-9CF2-4BB8-908E-6DA22321BF17 ./d4645d2c29505cf10d1b201826c777b62cbf9d752cb1008bef1192e0dd545a82 N/A
/tmp/main.log /tmp/main.log N/A N/A
/tmp/./d4645d2c29505cf10d1b201826c777b62cbf9d752cb1008bef1192e0dd545a82 /tmp/./d4645d2c29505cf10d1b201826c777b62cbf9d752cb1008bef1192e0dd545a82 N/A N/A

Processes

./d4645d2c29505cf10d1b201826c777b62cbf9d752cb1008bef1192e0dd545a82

[./d4645d2c29505cf10d1b201826c777b62cbf9d752cb1008bef1192e0dd545a82]

Network

Country  Destination         Domain                 Proto
N/A      1.1.1.1:53          changelogs.ubuntu.com  udp
N/A      1.1.1.1:53          changelogs.ubuntu.com  udp
N/A      91.189.91.48:443    changelogs.ubuntu.com  tcp
N/A      1.1.1.1:53          nowautomation.com      udp
N/A      1.1.1.1:53          mojobiden.com          udp
N/A      91.189.91.157:123                          udp
N/A      91.189.91.157:123                          udp
N/A      91.189.91.157:123                          udp
N/A      91.189.91.157:123                          udp

Files

N/A