General

  • Target

    bm1.4_contents.zip

  • Size

    51KB

  • MD5

    11431776599d205ef1f548ae488f54e5

  • SHA1

    2ad8b930ee352f19d55742962b2fbf4172f14ade

  • SHA256

    10beea3baa8e587ac078a518c46c90e381df03775c898a94d7c2de45e2bac6d4

  • SHA512

    4aa8b6d83791857ce1d428647c5d65a883c243cdeea961c888cfbe488c35373e02e3145565442010dc55f5f5a4194fb2a187c6e3e1fd97fb9e920c3c638bc1e9

Malware Config

Extracted

  • Family

    blackmatter

  • Version

    1.4

  • Botnet

    caa0d21adc7bdc4dc424497512a8f37d

  • C2

    https://paymenthacks.com

    http://paymenthacks.com

    https://mojobiden.com

    http://mojobiden.com

Attributes

  • attempt_auth

    false

  • create_mutex

    true

  • encrypt_network_shares

    true

  • exfiltrate

    true

  • mount_volumes

    true

rsa_pubkey.base64
aes.base64

Signatures

Files

  • bm1.4_contents.zip
    .zip

    Password: infected

  • 0x000100000001ab31-114.dat
    .dll windows x86
    Exports

  • 0x00030000000152f8-120.dat
  • 2540-119-0x0000000000000000-mapping.dmp
  • 260-121-0x0000000000000000-mapping.dmp
  • 3020-115-0x000000000040EB61-mapping.dmp
  • 3020-116-0x0000000000400000-0x0000000000414000-memory.dmp
    .exe windows x86
  • 3020-117-0x0000000002063000-0x0000000002065000-memory.dmp
  • 3020-118-0x0000000002060000-0x0000000002061000-memory.dmp