General

  • Target

    706f3eec328e91ff7f66c8f0a2fb9b556325c153a329a2062dc85879c540839d

  • Size

    79KB

  • MD5

    62a1b4d4b461f4eaae91c70727f71604

  • SHA1

    1ced9a7e62aa65faa03eb1ad2bc786e9d9b5f6c2

  • SHA256

    706f3eec328e91ff7f66c8f0a2fb9b556325c153a329a2062dc85879c540839d

  • SHA512

    d14f989f5f54663c3ea63526a000e8db5d172046e37f412ed47cd31eb14db071b515b854bbb3ab3d2f41f936b6962583aaa0b3ef1236aa2506148813f66ad542

Malware Config

Extracted

Family

blackmatter

Version

2.0

Botnet

90a881ffa127b004cec6802588fce307

Credentials
  • Username:
    jmiklo@@adroot.newcoop.com
  • Password:
    sanfran85
C2

https://mojobiden.com

http://mojobiden.com

https://nowautomation.com

http://nowautomation.com

Attributes
  • attempt_auth

    true

  • create_mutex

    true

  • encrypt_network_shares

    true

  • exfiltrate

    true

  • mount_volumes

    true

rsa_pubkey.base64
aes.base64

Signatures

Files

  • 706f3eec328e91ff7f66c8f0a2fb9b556325c153a329a2062dc85879c540839d
    .exe windows x86