General

  • Target

    d4647619fa2dc8fef5560d1662cbee6eb7dc95298dd40edf12dd4c8ee902d767.bin.sample

  • Size

    79KB

  • MD5

    2c4a733c7eb5b67e02046345d844879d

  • SHA1

    a975d15879946ee827be5a5f7ffcf5bc60c93d71

  • SHA256

    d4647619fa2dc8fef5560d1662cbee6eb7dc95298dd40edf12dd4c8ee902d767

  • SHA512

    6d3f8f111752fa722a02f231b5d40edc19d14dccf26c32ebb9fe1fde5e4e889a2562c9049476679a18dafaddaf0287e5ba2dff7ef9055a31f36eeeb41019025c

Malware Config

Extracted

Family

blackmatter

Version

2.0

Botnet

e4aaffc36f5d5b7d597455eb6d497df5

Credentials

  • Protocol:
    smtp
  • Port:
    587
  • Username:
    pklages@spectrumfurniture.com
  • Password:
    BBis#1ec

  • Protocol:
    smtp
  • Port:
    587
  • Username:
    BackupExec@spectrumfurniture.com
  • Password:
    k8DbBSZYWWnr0QqrILoo

  • Protocol:
    smtp
  • Port:
    587
  • Username:
    admin@Northwoods.com
  • Password:
    Smokie@CF

C2

https://mojobiden.com

http://mojobiden.com

https://nowautomation.com

http://nowautomation.com

Attributes

  • attempt_auth

    true

  • create_mutex

    true

  • encrypt_network_shares

    true

  • exfiltrate

    true

  • mount_volumes

    true

rsa_pubkey.base64
aes.base64

Signatures

Files

  • d4647619fa2dc8fef5560d1662cbee6eb7dc95298dd40edf12dd4c8ee902d767.bin.sample
    .exe windows x86