General

Target: 706f3eec328e91ff7f66c8f0a2fb9b556325c153a329a2062dc85879c540839d
Filesize: 79KB
Completed: 23-11-2021 18:16
Task: static1
Score: 10/10

MD5: 62a1b4d4b461f4eaae91c70727f71604
SHA1: 1ced9a7e62aa65faa03eb1ad2bc786e9d9b5f6c2
SHA256: 706f3eec328e91ff7f66c8f0a2fb9b556325c153a329a2062dc85879c540839d

SHA512: d14f989f5f54663c3ea63526a000e8db5d172046e37f412ed47cd31eb14db071b515b854bbb3ab3d2f41f936b6962583aaa0b3ef1236aa2506148813f66ad542

Malware Config

Extracted

Family: blackmatter
Version: 2.0
Botnet: 90a881ffa127b004cec6802588fce307

Credentials

Protocol:
Host:
Port:
Username: Administrator@adroot.newcoop.com
Password: Q7Q"

Protocol:
Host:
Port:
Username: bbanneker@soilmap.com
Password: !$(AYw94+PJ,rX

Protocol:
Host:
Port:
Username: jmiklo@@adroot.newcoop.com
Password: sanfran85

Protocol:
Host:
Port:
Username: da.rob@adroot.newcoop.com
Password: sanfran85

Protocol:
Host:
Port:
Username: da.jeff@adroot.newcoop.com
Password: sanfran85

C2

  • https://mojobiden.com
  • http://mojobiden.com
  • https://nowautomation.com
  • http://nowautomation.com

Attributes

attempt_auth: true
create_mutex: true
encrypt_network_shares: true
exfiltrate: true
mount_volumes: true
rsa_pubkey.base64:
aes.base64:
Signatures: 1

Filter: none

Files

  • 706f3eec328e91ff7f66c8f0a2fb9b556325c153a329a2062dc85879c540839d  Extensions: .exe  Tags: windows x86