General
-
Target
0751c422962dcd500d7cf2cf8bf544ddf5b2fe3465df7dd9b9998f6bba5e08a4.bin.sample
-
Size
79KB
-
MD5
900b7b852674521b306bb03eb991b94a
-
SHA1
ed5b159b94ed5977efc1f3e05490545d7cb6a93e
-
SHA256
0751c422962dcd500d7cf2cf8bf544ddf5b2fe3465df7dd9b9998f6bba5e08a4
-
SHA512
04db23845665c6152a965d8401502588d09f6a4d30f83797cd772c179db8e445463ec5988e381d3a83789d4f20cd0378631e90560040f44a4b0b6634f373a093
Score
10/10
Malware Config
Extracted
Family
blackmatter
Version
2.0
Botnet
14a875a2bd63041b2b3e5c323e8d5eee
Credentials
Protocol: smtp- Port:
587 - Username:
[email protected] - Password:
Voyager1701!!!
Protocol: smtp- Port:
587 - Username:
[email protected] - Password:
HereGoes321
Protocol: smtp- Port:
587 - Username:
[email protected] - Password:
QApassw0rd
Protocol: smtp- Port:
587 - Username:
[email protected] - Password:
Aug21!!!
Protocol: smtp- Port:
587 - Username:
[email protected] - Password:
Glasgow0315
Protocol: smtp- Port:
587 - Username:
[email protected] - Password:
Eleanor22
Protocol: smtp- Port:
587 - Username:
[email protected] - Password:
Glasgow0315
C2
https://mojobiden.com
http://mojobiden.com
https://nowautomation.com
http://nowautomation.com
Attributes
-
attempt_auth
true
-
create_mutex
true
-
encrypt_network_shares
true
-
exfiltrate
true
-
mount_volumes
true
rsa_pubkey.base64
aes.base64
Signatures
-
Blackmatter family
Files
-
0751c422962dcd500d7cf2cf8bf544ddf5b2fe3465df7dd9b9998f6bba5e08a4.bin.sample