General
-
Target
e9b24041847844a5d57b033bf0b41dc637eba7664acfb43da5db635ae920a1b4
-
Size
79KB
-
MD5
936593e1ba2e1fefc78389ed40ab9d9a
-
SHA1
dce566c765b39bca870e374c7f973b432a633fb3
-
SHA256
e9b24041847844a5d57b033bf0b41dc637eba7664acfb43da5db635ae920a1b4
-
SHA512
21d3f5f00be88041ee4839a776ed8e7428bcb1e8172d4c4f9af2a7b782c3f89fc4dd57402dbf77d24664b8a99d2d330dc8b231d9d7037564bbc9276c49633017
Score
10/10
Malware Config
Extracted
Family
blackmatter
Version
2.0
Botnet
14a875a2bd63041b2b3e5c323e8d5eee
Credentials
Protocol: smtp- Port:
587 - Username:
[email protected] - Password:
Voyager1701!!!
Protocol: smtp- Port:
587 - Username:
[email protected] - Password:
HereGoes321
Protocol: smtp- Port:
587 - Username:
[email protected] - Password:
QApassw0rd
Protocol: smtp- Port:
587 - Username:
[email protected] - Password:
Aug21!!!
Protocol: smtp- Port:
587 - Username:
[email protected] - Password:
Glasgow0315
Protocol: smtp- Port:
587 - Username:
[email protected] - Password:
Eleanor22
Protocol: smtp- Port:
587 - Username:
[email protected] - Password:
Glasgow0315
C2
https://mojobiden.com
http://mojobiden.com
https://nowautomation.com
http://nowautomation.com
Attributes
-
attempt_auth
true
-
create_mutex
true
-
encrypt_network_shares
true
-
exfiltrate
true
-
mount_volumes
true
rsa_pubkey.base64
aes.base64
Signatures
-
Blackmatter family
Files
-
e9b24041847844a5d57b033bf0b41dc637eba7664acfb43da5db635ae920a1b4