Static task
static1
Behavioral task
behavioral1
Sample
w32.exe
Resource
win10-en
windows10_x64
0 signatures
0 seconds
General
Target: w32.exe
Size: 78KB
MD5: 6e5986761cea340dce2efd4cf4f3790c
SHA1: 4a8ca4b5c04112a753e9ff5989b80f0b12e13654
SHA256: 2cdb5edf3039863c30818ca34d9240cb0068ad33128895500721bcdca70c78fd
SHA512: 8df4406a8807978df8690cb578cd00f8d22c2ad5ff78b8d87806484adcde2eaa2901f1da100c31f1538da0503043c78cb3856d0592af2f094901d864956b83af
Score
10/10
Malware Config
Extracted
Family: blackmatter
Version: 2.0
Botnet: 6bed8cf959f0a07170c24bb972efd726
Credentials
Protocol: smtp - Port: 587 - Username: Administrator@rpi - Password: P0w3rPl4g
Protocol: smtp - Port: 587 - Username: 2fatest@rpi - Password: poiu-0987
Protocol: smtp - Port: 587 - Username: 2fauser@rpi - Password: 1strongpassword!
C2
https://mojobiden.com
http://mojobiden.com
https://nowautomation.com
http://nowautomation.com
Attributes
attempt_auth: true
create_mutex: true
encrypt_network_shares: true
exfiltrate: true
mount_volumes: true
rsa_pubkey.base64
aes.base64
Signatures
-
Blackmatter family
Files
-
w32.exe.exe windows x86