General

  • Target

    2e50eb85f6e271001e69c5733af95c34728893145766066c5ff8708dcc0e43b2.exe

  • Size

    79KB

  • MD5

    18c7c940bc6a4e778fbdf4a3e28151a8

  • SHA1

    f3589918d71b87c7e764479b79c4a7b485cb746a

  • SHA256

    2e50eb85f6e271001e69c5733af95c34728893145766066c5ff8708dcc0e43b2

  • SHA512

    6e808fe882640a517c2054fdece73059c7ea3e27a946e55f41b91fd0f757dcd8c76be8f381f60f3e45449edebaa4f620b903337727607f7768543b1acec40d18

Malware Config

Extracted

Family

blackmatter

Version

2.0

Botnet

e4aaffc36f5d5b7d597455eb6d497df5

Credentials

  • Protocol:
    smtp
  • Port:
    587
  • Username:
    pklages@spectrumfurniture.com
  • Password:
    BBis#1ec

  • Protocol:
    smtp
  • Port:
    587
  • Username:
    BackupExec@spectrumfurniture.com
  • Password:
    k8DbBSZYWWnr0QqrILoo

  • Protocol:
    smtp
  • Port:
    587
  • Username:
    admin@Northwoods.com
  • Password:
    Smokie@CF
C2

https://mojobiden.com

http://mojobiden.com

https://nowautomation.com

http://nowautomation.com

Attributes
  • attempt_auth

    true

  • create_mutex

    true

  • encrypt_network_shares

    true

  • exfiltrate

    true

  • mount_volumes

    true

rsa_pubkey.base64
aes.base64

Signatures

Files

  • 2e50eb85f6e271001e69c5733af95c34728893145766066c5ff8708dcc0e43b2.exe
    .exe windows x86