General
-
Target
3a4bd5288b89aa26fbe39353b93c1205efa671be4f96e50beae0965f45fdcc40
-
Size
79KB
-
MD5
35aaa2a2208956d1b8752954722ff76d
-
SHA1
fccda267f03d8dcd815f662f0fdc1e18e9fd4be3
-
SHA256
3a4bd5288b89aa26fbe39353b93c1205efa671be4f96e50beae0965f45fdcc40
-
SHA512
25cca12fd228932402aa4ee3f88f1d1db45ff8167aa4a260ecc1d1911f500c239a9d0465547974abfa3ed6f330a4654932df0fa820b8bcd9c9acfb99ccbcb1e3
Score
10/10
Malware Config
Extracted
Family
blackmatter
Version
2.0
Botnet
14a875a2bd63041b2b3e5c323e8d5eee
Credentials
Protocol: smtp- Port:
587 - Username:
[email protected] - Password:
Voyager1701!!!
Protocol: smtp- Port:
587 - Username:
[email protected] - Password:
HereGoes321
Protocol: smtp- Port:
587 - Username:
[email protected] - Password:
QApassw0rd
Protocol: smtp- Port:
587 - Username:
[email protected] - Password:
Aug21!!!
Protocol: smtp- Port:
587 - Username:
[email protected] - Password:
Glasgow0315
Protocol: smtp- Port:
587 - Username:
[email protected] - Password:
Eleanor22
Protocol: smtp- Port:
587 - Username:
[email protected] - Password:
Glasgow0315
C2
https://mojobiden.com
http://mojobiden.com
https://nowautomation.com
http://nowautomation.com
Attributes
-
attempt_auth
true
-
create_mutex
true
-
encrypt_network_shares
true
-
exfiltrate
true
-
mount_volumes
true
rsa_pubkey.base64
aes.base64
Signatures
-
Blackmatter family
Files
-
3a4bd5288b89aa26fbe39353b93c1205efa671be4f96e50beae0965f45fdcc40