2e50eb85f6e271001e69c5733af95c34728893145766066c5ff8708dcc0e43b2.zip

General

Target: 2e50eb85f6e271001e69c5733af95c34728893145766066c5ff8708dcc0e43b2.zip
Size: 41KB
Sample: 211204-hffy1saebr
Score: 10/10
MD5: f57a2e95937e7727c82b0782e1cdd0d0
SHA1: 570ac30c3c40c62d67ac39e857e840b69908ed16
SHA256: e038bb439a412f1c98d22a9a4726fbe0747a8bbbb48a8d26ac4dcb039f29e53e
SHA512: be171554a26d962445b8a9238abc6faecd2398dc04305730ef44f03418f20971657254f04887c4dbbca87d0a360077cb9e4666747882ba4bdc82e8d567858647

Malware Config

Extracted

Family: blackmatter
Version: 2.0
Botnet: e4aaffc36f5d5b7d597455eb6d497df5

Credentials

Protocol:
Host:
Port:
Username: pklages@spectrumfurniture.com
Password: BBis#1ec

Protocol:
Host:
Port:
Username: BackupExec@spectrumfurniture.com
Password: k8DbBSZYWWnr0QqrILoo

Protocol:
Host:
Port:
Username: admin@Northwoods.com
Password: Smokie@CF

C2

https://mojobiden.com
http://mojobiden.com
https://nowautomation.com
http://nowautomation.com
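The C2 list above can be turned directly into a proxy-log check. The following is an added example and is not part of the sandbox report or of any tool the report uses; it reduces the four C2 URLs to their hostnames (the scheme and port do not matter for a DNS or proxy match), then flags any request whose host equals a C2 domain or is a subdomain of one, while not matching look-alike names such as notmojobiden.com. The log lines are constructed for illustration in Squid access-log layout; the timestamps, client addresses and upstream IPs are invented.

```python
from urllib.parse import urlsplit

# C2 URLs exactly as listed in the extracted BlackMatter config above.
C2_URLS = [
    "https://mojobiden.com",
    "http://mojobiden.com",
    "https://nowautomation.com",
    "http://nowautomation.com",
]

def c2_domains(urls):
    """Reduce a list of C2 URLs to a set of lowercase hostnames (scheme- and port-independent)."""
    hosts = set()
    for u in urls:
        host = urlsplit(u).hostname
        if host:
            hosts.add(host.lower().rstrip("."))
    return hosts

def host_matches(host, domains):
    """True if host equals a C2 domain or is a subdomain of one (label-boundary aware)."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

# Constructed Squid-style access log lines (illustration only, not taken from the report):
# timestamp client status/code bytes method request-target ident hierarchy/peer content-type
SAMPLE_LOG = """\
1638615201.112 10.0.0.15 TCP_TUNNEL/200 4321 CONNECT mojobiden.com:443 - HIER_DIRECT/203.0.113.10 -
1638615202.554 10.0.0.15 TCP_MISS/200 812 GET http://nowautomation.com/ - HIER_DIRECT/203.0.113.11 text/html
1638615203.001 10.0.0.22 TCP_MISS/200 5120 GET http://example.com/index.html - HIER_DIRECT/93.184.216.34 text/html
1638615204.770 10.0.0.15 TCP_TUNNEL/200 998 CONNECT api.mojobiden.com:443 - HIER_DIRECT/203.0.113.10 -
1638615205.300 10.0.0.31 TCP_MISS/200 700 GET http://notmojobiden.com/ - HIER_DIRECT/198.51.100.5 text/html
"""

def request_host(field):
    """Extract the hostname from a proxy request field: either 'host:port' (CONNECT) or a full URL."""
    if "://" in field:
        return urlsplit(field).hostname or ""
    # CONNECT targets are 'host:port'; strip the port (bracketed IPv6 literals are not handled here).
    return field.rsplit(":", 1)[0] if ":" in field else field

def find_c2_hits(log_text, urls=C2_URLS):
    """Return (client, host) pairs for every log line whose request host matches a C2 domain."""
    domains = c2_domains(urls)
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 6:
            continue  # malformed or truncated line; skip rather than guess
        _ts, client, _status, _bytes, _method, target = parts[:6]
        host = request_host(target)
        if host_matches(host, domains):
            hits.append((client, host))
    return hits

if __name__ == "__main__":
    for client, host in find_c2_hits(SAMPLE_LOG):
        print(f"C2 contact: client={client} host={host}")
```

Run against the constructed log, the check reports the three requests from 10.0.0.15 (both C2 domains plus the api. subdomain of mojobiden.com) and ignores the example.com and notmojobiden.com lines.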

Attributes

attempt_auth: true
create_mutex: true
encrypt_network_shares: true
exfiltrate: true
mount_volumes: true
rsa_pubkey.base64:
aes.base64:
Targets

Target: 2e50eb85f6e271001e69c5733af95c34728893145766066c5ff8708dcc0e43b2.zip
MD5: f57a2e95937e7727c82b0782e1cdd0d0
Filesize: 41KB
Score: 4/10
SHA1: 570ac30c3c40c62d67ac39e857e840b69908ed16
SHA256: e038bb439a412f1c98d22a9a4726fbe0747a8bbbb48a8d26ac4dcb039f29e53e
SHA512: be171554a26d962445b8a9238abc6faecd2398dc04305730ef44f03418f20971657254f04887c4dbbca87d0a360077cb9e4666747882ba4bdc82e8d567858647

Related Tasks

MITRE ATT&CK Matrix

Collection
Command and Control
Credential Access
Defense Evasion
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation

Tasks

behavioral1: 4/10