Triage | Malware sandboxing report by Hatching Triage

Sharing

General

Target

2e50eb85f6e271001e69c5733af95c34728893145766066c5ff8708dcc0e43b2.zip
Size

41KB
Sample

211204-hffy1saebr
MD5

f57a2e95937e7727c82b0782e1cdd0d0
SHA1

570ac30c3c40c62d67ac39e857e840b69908ed16
SHA256

e038bb439a412f1c98d22a9a4726fbe0747a8bbbb48a8d26ac4dcb039f29e53e
SHA512

be171554a26d962445b8a9238abc6faecd2398dc04305730ef44f03418f20971657254f04887c4dbbca87d0a360077cb9e4666747882ba4bdc82e8d567858647

Score

10^/10

blackmatter e4aaffc36f5d5b7d597455eb6d497df5

Malware Config

Extracted

Family

blackmatter

Version

2.0

Botnet

e4aaffc36f5d5b7d597455eb6d497df5

Credentials

Username:
pklages@spectrumfurniture.com
Password:
BBis#1ec

Username:
BackupExec@spectrumfurniture.com
Password:
k8DbBSZYWWnr0QqrILoo

Username:
admin@Northwoods.com
Password:
Smokie@CF

C2

https://mojobiden.com

http://mojobiden.com

https://nowautomation.com

http://nowautomation.com

Attributes

attempt_auth
true
create_mutex
true
encrypt_network_shares
true
exfiltrate
true
mount_volumes
true

rsa_pubkey.base64

aes.base64

Targets

- Target
  
  2e50eb85f6e271001e69c5733af95c34728893145766066c5ff8708dcc0e43b2.zip
- Size
  
  41KB
- MD5
  
  f57a2e95937e7727c82b0782e1cdd0d0
- SHA1
  
  570ac30c3c40c62d67ac39e857e840b69908ed16
- SHA256
  
  e038bb439a412f1c98d22a9a4726fbe0747a8bbbb48a8d26ac4dcb039f29e53e
- SHA512
  
  be171554a26d962445b8a9238abc6faecd2398dc04305730ef44f03418f20971657254f04887c4dbbca87d0a360077cb9e4666747882ba4bdc82e8d567858647
Score

4^/10
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

e4aaffc36f5d5b7d597455eb6d497df5blackmatter

behavioral1