Resubmissions

24-10-2021 15:21

211024-srmaaafdck 10

21-10-2021 13:17

211021-qjbsgaada3 10

General

  • Target

    b4b9fdf30c017af1a8a3375218e43073117690a71c3f00ac5f6361993471e5e7

  • Size

    78KB

  • MD5

    5e2a1323dbf28eac8b3f4df9cb4f2d45

  • SHA1

    af77a09387df4ec967a8314ba0f93da0ef8e57ee

  • SHA256

    b4b9fdf30c017af1a8a3375218e43073117690a71c3f00ac5f6361993471e5e7

  • SHA512

    c2ba4f7458298129a8d2f1ac50640601d59086048ecc8d3d88985c31edf4014e4f4838308192ab39fb21d71a9b362a38a93edff58b570ec6f5ccfb940d871b94

Malware Config

Extracted

  • Family

    blackmatter

  • Version

    2.0

  • Botnet

    d58b3b69acc48f82eaa82076f97763d4

  • C2

    https://mojobiden.com

    http://mojobiden.com

    https://nowautomation.com

    http://nowautomation.com

Attributes
  • attempt_auth

    false

  • create_mutex

    true

  • encrypt_network_shares

    true

  • exfiltrate

    true

  • mount_volumes

    true

rsa_pubkey.base64
aes.base64

Signatures

Files

  • b4b9fdf30c017af1a8a3375218e43073117690a71c3f00ac5f6361993471e5e7
    .exe windows x86