70344ece62a828c46ff315b3328125d8ab5f6902bbeaa24224fee97142ee6ad9.bin

General
Target

70344ece62a828c46ff315b3328125d8ab5f6902bbeaa24224fee97142ee6ad9.bin

Size

80KB

Sample

211224-wrfpaadger

Score

10/10

MD5

5b615cfd2ec6aa4f6242197481fc108b

SHA1

fc366c0f83711fed7303b752abf09f2be74e2a15

SHA256

70344ece62a828c46ff315b3328125d8ab5f6902bbeaa24224fee97142ee6ad9

SHA512

6080fa1e08239533e726cae2420b885627e53a7bbf9fd1fad1d2c861ebdf94262f8540f841a8dfa1956148d7601ec7a4a22ef965a0a7776bbb96e8535c6c30fe

Malware Config

Extracted

Family blackmatter
Version 2.0
Botnet a89e0e2e31db3e31a1e7a9630375f437
C2

https://fluentzip.org

http://fluentzip.org

Attributes
attempt_auth
false
create_mutex
true
encrypt_network_shares
true
exfiltrate
true
mount_volumes
true
rsa_pubkey.base64
aes.base64
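The extracted config above is only useful if it is turned into something an analyst can run. The following Python script is an added example, not part of the sandbox report or of any tool it was produced by: it collapses the two C2 URLs into a hostname set, matches proxy log lines against that set on label boundaries (so that fluentzip.org.evil.com and notfluentzip.org are not false hits), and checks a file's digests against the MD5/SHA1/SHA256 listed above. The proxy log line format and the sample log lines are constructed assumptions for the example.

```python
"""Offline IOC checks built from the BlackMatter config and hashes in this report."""
import hashlib
from urllib.parse import urlsplit

# Values copied from the report above.
REPORT_HASHES = {
    "md5": "5b615cfd2ec6aa4f6242197481fc108b",
    "sha1": "fc366c0f83711fed7303b752abf09f2be74e2a15",
    "sha256": "70344ece62a828c46ff315b3328125d8ab5f6902bbeaa24224fee97142ee6ad9",
}
REPORT_C2 = ["https://fluentzip.org", "http://fluentzip.org"]


def c2_hosts(urls):
    """Collapse the C2 URL list to a set of lowercase hostnames; the scheme is
    irrelevant for hunting because both http and https variants are listed."""
    hosts = set()
    for u in urls:
        host = urlsplit(u).hostname
        if host:
            hosts.add(host.lower())
    return hosts


def host_matches(host, c2):
    """True if host is a C2 host or a subdomain of one. A plain suffix check
    would also match 'fluentzip.org.evil.com' or 'notfluentzip.org', so the
    comparison is anchored on label boundaries."""
    host = host.lower().rstrip(".")
    return any(host == h or host.endswith("." + h) for h in c2)


def find_c2_hits(log_lines, urls=REPORT_C2):
    """Scan proxy log lines of the constructed form
    '<timestamp> <client_ip> <method> <url> <status>' and return
    (client_ip, url) for every request to a C2 host. Malformed lines are skipped."""
    c2 = c2_hosts(urls)
    hits = []
    for line in log_lines:
        parts = line.split()
        if len(parts) < 5:
            continue
        client_ip, url = parts[1], parts[3]
        host = urlsplit(url).hostname
        if host and host_matches(host, c2):
            hits.append((client_ip, url))
    return hits


def file_hashes(data):
    """MD5, SHA1 and SHA256 of a byte string, keyed like REPORT_HASHES."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def matches_sample(data, expected=REPORT_HASHES):
    """True only if all three digests of data equal the report's values."""
    return file_hashes(data) == expected


# Constructed sample log lines (not from the report); the evil.com line and
# the notfluentzip line are deliberate near-misses, the last line is malformed.
SAMPLE_LOG = [
    "2021-12-24T10:00:01Z 10.0.0.5 POST https://fluentzip.org/ 200",
    "2021-12-24T10:00:02Z 10.0.0.7 GET http://cdn.fluentzip.org/x 200",
    "2021-12-24T10:00:03Z 10.0.0.9 GET https://fluentzip.org.evil.com/ 200",
    "2021-12-24T10:00:04Z 10.0.0.9 GET https://notfluentzip.org/ 200",
    "2021-12-24T10:00:05Z 10.0.0.9 GET https://example.com/ 200",
    "garbage line",
]

if __name__ == "__main__":
    for ip, url in find_c2_hits(SAMPLE_LOG):
        print(f"C2 contact: {ip} -> {url}")
    print("is sample:", matches_sample(b"not the sample"))
```

Only the first two constructed log lines are reported as hits; the two look-alike hostnames and the malformed line are ignored. Real proxy logs will need `find_c2_hits` adapted to their field layout, but the host comparison and the hash check carry over unchanged.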
Targets
Target

70344ece62a828c46ff315b3328125d8ab5f6902bbeaa24224fee97142ee6ad9.bin

MD5

5b615cfd2ec6aa4f6242197481fc108b

Filesize

80KB

Score

5/10

SHA1

fc366c0f83711fed7303b752abf09f2be74e2a15

SHA256

70344ece62a828c46ff315b3328125d8ab5f6902bbeaa24224fee97142ee6ad9

SHA512

6080fa1e08239533e726cae2420b885627e53a7bbf9fd1fad1d2c861ebdf94262f8540f841a8dfa1956148d7601ec7a4a22ef965a0a7776bbb96e8535c6c30fe

Signatures

  • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Matrix

Tactic columns (no techniques are listed under them on this page): Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks

behavioral1

5/10

behavioral2

5/10