General

  • Target

    d4647619fa2dc8fef5560d1662cbee6eb7dc95298dd40edf12dd4c8ee902d767.bin.sample

  • Size

    79KB

  • MD5

    2c4a733c7eb5b67e02046345d844879d

  • SHA1

    a975d15879946ee827be5a5f7ffcf5bc60c93d71

  • SHA256

    d4647619fa2dc8fef5560d1662cbee6eb7dc95298dd40edf12dd4c8ee902d767

  • SHA512

    6d3f8f111752fa722a02f231b5d40edc19d14dccf26c32ebb9fe1fde5e4e889a2562c9049476679a18dafaddaf0287e5ba2dff7ef9055a31f36eeeb41019025c

Malware Config

Extracted

Family

blackmatter

Version

2.0

Botnet

e4aaffc36f5d5b7d597455eb6d497df5

Credentials

Protocol: smtp

Host:

Port: 587

Username: pklages@spectrumfurniture.com

Password: BBis#1ec

Protocol: smtp

Host:

Port: 587

Username: BackupExec@spectrumfurniture.com

Password: k8DbBSZYWWnr0QqrILoo

Protocol: smtp

Host:

Port: 587

Username: admin@Northwoods.com

Password: Smokie@CF

C2

https://mojobiden.com

http://mojobiden.com

https://nowautomation.com

http://nowautomation.com

Attributes

attempt_auth: true

create_mutex: true

encrypt_network_shares: true

exfiltrate: true

mount_volumes: true

rsa_pubkey.base64

aes.base64

Signatures

Files

  • d4647619fa2dc8fef5560d1662cbee6eb7dc95298dd40edf12dd4c8ee902d767.bin.sample
    .exe windows x86