General

  • Target

    2e50eb85f6e271001e69c5733af95c34728893145766066c5ff8708dcc0e43b2.zip

  • Size

    41KB

  • MD5

    b4c2e464602a284fff7b7ff35f5cf863

  • SHA1

    7e3a50919f7c8f3a683fbf39b3e01b6cafc444e1

  • SHA256

    e146f17a53300e19ec480d069b341688127d46198ff0fdd0e059914130d56f56

  • SHA512

    da3245f9e0f90a1c8ecc5adfd4ecc7cb1de9aebbe55e27f6f033ffd47005010c704a80e7fb7290503f327545487202b213d2de1c4b9fb1e442f94e0533aab025

Malware Config

Extracted

Family

blackmatter

Version

2.0

Botnet

e4aaffc36f5d5b7d597455eb6d497df5

Credentials

  • Protocol:
    smtp
  • Port:
    587
  • Username:
    pklages@spectrumfurniture.com
  • Password:
    BBis#1ec

  • Protocol:
    smtp
  • Port:
    587
  • Username:
    BackupExec@spectrumfurniture.com
  • Password:
    k8DbBSZYWWnr0QqrILoo

  • Protocol:
    smtp
  • Port:
    587
  • Username:
    admin@Northwoods.com
  • Password:
    Smokie@CF

C2

https://mojobiden.com

http://mojobiden.com

https://nowautomation.com

http://nowautomation.com

Attributes

  • attempt_auth

    true

  • create_mutex

    true

  • encrypt_network_shares

    true

  • exfiltrate

    true

  • mount_volumes

    true

rsa_pubkey.base64
aes.base64

Signatures

Files

  • 2e50eb85f6e271001e69c5733af95c34728893145766066c5ff8708dcc0e43b2.zip
    .zip

    Password: infected

  • 2e50eb85f6e271001e69c5733af95c34728893145766066c5ff8708dcc0e43b2.exe
    .exe windows x86