General

  • Target

    w32.exe

  • Size

    78KB

  • MD5

    6e5986761cea340dce2efd4cf4f3790c

  • SHA1

    4a8ca4b5c04112a753e9ff5989b80f0b12e13654

  • SHA256

    2cdb5edf3039863c30818ca34d9240cb0068ad33128895500721bcdca70c78fd

  • SHA512

    8df4406a8807978df8690cb578cd00f8d22c2ad5ff78b8d87806484adcde2eaa2901f1da100c31f1538da0503043c78cb3856d0592af2f094901d864956b83af

Malware Config

Extracted

Family

blackmatter

Version

2.0

Botnet

6bed8cf959f0a07170c24bb972efd726

Credentials

  • Protocol:
    smtp
  • Port:
    587
  • Username:
    Administrator@rpi
  • Password:
    P0w3rPl4g

  • Protocol:
    smtp
  • Port:
    587
  • Username:
    2fatest@rpi
  • Password:
    poiu-0987

  • Protocol:
    smtp
  • Port:
    587
  • Username:
    2fauser@rpi
  • Password:
    1strongpassword!

C2

https://mojobiden.com

http://mojobiden.com

https://nowautomation.com

http://nowautomation.com

Attributes

  • attempt_auth

    true

  • create_mutex

    true

  • encrypt_network_shares

    true

  • exfiltrate

    true

  • mount_volumes

    true

rsa_pubkey.base64
aes.base64

Signatures

Files

  • w32.exe
    .exe windows x86