General
-
Target
e9b24041847844a5d57b033bf0b41dc637eba7664acfb43da5db635ae920a1b4.exe
-
Size
79KB
-
Sample
210911-sp3t9abeb3
-
MD5
936593e1ba2e1fefc78389ed40ab9d9a
-
SHA1
dce566c765b39bca870e374c7f973b432a633fb3
-
SHA256
e9b24041847844a5d57b033bf0b41dc637eba7664acfb43da5db635ae920a1b4
-
SHA512
21d3f5f00be88041ee4839a776ed8e7428bcb1e8172d4c4f9af2a7b782c3f89fc4dd57402dbf77d24664b8a99d2d330dc8b231d9d7037564bbc9276c49633017
Static task
static1
Behavioral task
behavioral1
Sample
e9b24041847844a5d57b033bf0b41dc637eba7664acfb43da5db635ae920a1b4.exe
Resource
win7-en
Behavioral task
behavioral2
Sample
e9b24041847844a5d57b033bf0b41dc637eba7664acfb43da5db635ae920a1b4.exe
Resource
win10v20210408
Malware Config
Extracted
blackmatter
2.0
14a875a2bd63041b2b3e5c323e8d5eee
Protocol: smtp - Port: 587 - Username: [email protected] - Password: Voyager1701!!!
Protocol: smtp - Port: 587 - Username: [email protected] - Password: HereGoes321
Protocol: smtp - Port: 587 - Username: [email protected] - Password: QApassw0rd
Protocol: smtp - Port: 587 - Username: [email protected] - Password: Aug21!!!
Protocol: smtp - Port: 587 - Username: [email protected] - Password: Glasgow0315
Protocol: smtp - Port: 587 - Username: [email protected] - Password: Eleanor22
Protocol: smtp - Port: 587 - Username: [email protected] - Password: Glasgow0315
https://mojobiden.com
http://mojobiden.com
https://nowautomation.com
http://nowautomation.com
-
attempt_auth
true
-
create_mutex
true
-
encrypt_network_shares
true
-
exfiltrate
true
-
mount_volumes
true
Targets
Target
e9b24041847844a5d57b033bf0b41dc637eba7664acfb43da5db635ae920a1b4.exe
Score
6/10
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.