General

  • Target

    bm1.4_contents.zip

  • Size

    51KB

  • Sample

    211201-w2bhbahhg3

  • MD5

    11431776599d205ef1f548ae488f54e5

  • SHA1

    2ad8b930ee352f19d55742962b2fbf4172f14ade

  • SHA256

    10beea3baa8e587ac078a518c46c90e381df03775c898a94d7c2de45e2bac6d4

  • SHA512

    4aa8b6d83791857ce1d428647c5d65a883c243cdeea961c888cfbe488c35373e02e3145565442010dc55f5f5a4194fb2a187c6e3e1fd97fb9e920c3c638bc1e9

Malware Config

Extracted

Family

blackmatter

Version

1.4

Botnet

caa0d21adc7bdc4dc424497512a8f37d

C2

https://paymenthacks.com

http://paymenthacks.com

https://mojobiden.com

http://mojobiden.com

Attributes

  • attempt_auth: false

  • create_mutex: true

  • encrypt_network_shares: true

  • exfiltrate: true

  • mount_volumes: true

  • rsa_pubkey.base64

  • aes.base64

Targets

    • Target

      0x000100000001ab31-114.dat

    • Size

      11KB

    • MD5

      fccff8cb7a1067e23fd2e2b63971a8e1

    • SHA1

      30e2a9e137c1223a78a0f7b0bf96a1c361976d91

    • SHA256

      6fcea34c8666b06368379c6c402b5321202c11b00889401c743fb96c516c679e

    • SHA512

      f4335e84e6f8d70e462a22f1c93d2998673a7616c868177cac3e8784a3be1d7d0bb96f2583fa0ed82f4f2b6b8f5d9b33521c279a42e055d80a94b4f3f1791e0c

    Score
    3/10
    • Target

      3020-116-0x0000000000400000-0x0000000000414000-memory.dmp

    • Size

      80KB

    • MD5

      01408ac403b5c33f965f650534f81a90

    • SHA1

      a1a23e1978fd58c9189817cca50163b06618b3bf

    • SHA256

      f6b73646a1f1e97dacae54aa9a294eb12c19a3fe5c4ed578787b55eaac3c8ac9

    • SHA512

      add8587516e42cced4466497322026408b6fe10a24c2c78feaf03210879a02b5ca92193e69ec5b445da485246872854a0d966373b9963b1a5adfac5834134404

    Score
    3/10

MITRE ATT&CK Matrix

  Tactic columns: Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation