2e50eb85f6e271001e69c5733af95c34728893145766066c5ff8708dcc0e43b2.zip
2e50eb85f6e271001e69c5733af95c34728893145766066c5ff8708dcc0e43b2.zip
41KB
211204-hffy1saebr
f57a2e95937e7727c82b0782e1cdd0d0
570ac30c3c40c62d67ac39e857e840b69908ed16
e038bb439a412f1c98d22a9a4726fbe0747a8bbbb48a8d26ac4dcb039f29e53e
be171554a26d962445b8a9238abc6faecd2398dc04305730ef44f03418f20971657254f04887c4dbbca87d0a360077cb9e4666747882ba4bdc82e8d567858647
Extracted
Family | blackmatter |
Version | 2.0 |
Botnet | e4aaffc36f5d5b7d597455eb6d497df5 |
Credentials | Protocol: Host: Port: Username: pklages@spectrumfurniture.com Password: BBis#1ec Protocol: Host: Port: Username: BackupExec@spectrumfurniture.com Password: k8DbBSZYWWnr0QqrILoo Protocol: Host: Port: Username: admin@Northwoods.com Password: Smokie@CF |
C2 |
https://mojobiden.com http://mojobiden.com https://nowautomation.com http://nowautomation.com |
Attributes |
attempt_auth true
create_mutex true
encrypt_network_shares true
exfiltrate true
mount_volumes true |
rsa_pubkey.base64 |
|
aes.base64 |
|
2e50eb85f6e271001e69c5733af95c34728893145766066c5ff8708dcc0e43b2.zip
f57a2e95937e7727c82b0782e1cdd0d0
41KB
570ac30c3c40c62d67ac39e857e840b69908ed16
e038bb439a412f1c98d22a9a4726fbe0747a8bbbb48a8d26ac4dcb039f29e53e
be171554a26d962445b8a9238abc6faecd2398dc04305730ef44f03418f20971657254f04887c4dbbca87d0a360077cb9e4666747882ba4bdc82e8d567858647