General

  • Target

    70344ece62a828c46ff315b3328125d8ab5f6902bbeaa24224fee97142ee6ad9.bin

  • Size

    80KB

  • Sample

    211224-wrfpaadger

  • MD5

    5b615cfd2ec6aa4f6242197481fc108b

  • SHA1

    fc366c0f83711fed7303b752abf09f2be74e2a15

  • SHA256

    70344ece62a828c46ff315b3328125d8ab5f6902bbeaa24224fee97142ee6ad9

  • SHA512

    6080fa1e08239533e726cae2420b885627e53a7bbf9fd1fad1d2c861ebdf94262f8540f841a8dfa1956148d7601ec7a4a22ef965a0a7776bbb96e8535c6c30fe

Malware Config

Extracted

Family

blackmatter

Version

2.0

Botnet

a89e0e2e31db3e31a1e7a9630375f437

C2

https://fluentzip.org

http://fluentzip.org

Attributes
  • attempt_auth

    false

  • create_mutex

    true

  • encrypt_network_shares

    true

  • exfiltrate

    true

  • mount_volumes

    true

rsa_pubkey.base64
aes.base64
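The hashes and C2 URLs above are the indicators an analyst actually consumes from a report like this. The following is an added example, not code from the sandbox or from the BlackMatter sample: it checks a candidate file against every listed digest at once (so a typo in any one digest shows up as a partial match rather than a silent miss), collapses the two C2 URLs to a single hostname, and runs that hostname over DNS log lines. The sample bytes and the log lines are constructed stand-ins; the real 80 KB binary is not reproduced on this page, and the log column layout is assumed.

```python
"""Triage helper for the BlackMatter indicators listed in this report.

Added example; not part of the sandbox report or the malware.
Hash values and C2 URLs are copied from the report. The sample bytes
and DNS log lines are constructed stand-ins, since the real binary is
not reproduced on the page.
"""
import hashlib
from urllib.parse import urlparse

# Indicators copied from the report's General / Malware Config sections.
REPORT_HASHES = {
    "md5": "5b615cfd2ec6aa4f6242197481fc108b",
    "sha1": "fc366c0f83711fed7303b752abf09f2be74e2a15",
    "sha256": "70344ece62a828c46ff315b3328125d8ab5f6902bbeaa24224fee97142ee6ad9",
    "sha512": "6080fa1e08239533e726cae2420b885627e53a7bbf9fd1fad1d2c861ebdf9426"
              "2f8540f841a8dfa1956148d7601ec7a4a22ef965a0a7776bbb96e8535c6c30fe",
}
REPORT_C2 = ["https://fluentzip.org", "http://fluentzip.org"]


def digest_all(data: bytes) -> dict:
    """Compute every digest type the report lists, in one pass over the data."""
    hashers = {name: hashlib.new(name) for name in REPORT_HASHES}
    for h in hashers.values():
        h.update(data)
    return {name: h.hexdigest() for name, h in hashers.items()}


def match_hashes(data: bytes, expected: dict = REPORT_HASHES) -> dict:
    """Return {algo: bool} saying which listed digests the data matches.

    A genuine match agrees on every algorithm; a partial match means the
    indicator list itself is inconsistent and should be re-checked before
    it is pushed to a blocklist.
    """
    actual = digest_all(data)
    return {name: actual[name].lower() == expected[name].lower() for name in expected}


def c2_hosts(urls) -> set:
    """Normalize C2 URLs to bare hostnames so http/https duplicates collapse."""
    hosts = set()
    for url in urls:
        host = urlparse(url).hostname
        if host:
            hosts.add(host.lower().rstrip("."))
    return hosts


def dns_hits(log_lines, hosts) -> list:
    """Return (line_no, host) for lines whose queried name is, or is under, a C2 host.

    Assumes a whitespace-separated format with the queried name in the third
    column (a constructed layout; adapt the index to the real log source).
    Suffix matching requires the dot, so 'notfluentzip.org' does not hit.
    """
    hits = []
    for n, line in enumerate(log_lines, start=1):
        fields = line.split()
        if len(fields) < 3:
            continue
        qname = fields[2].lower().rstrip(".")
        for host in hosts:
            if qname == host or qname.endswith("." + host):
                hits.append((n, host))
    return hits


# Constructed stand-in for the sample; its digests will NOT match the report,
# which is exactly what the script should say for a different file.
FAKE_SAMPLE = b"not the real BlackMatter binary\n"

# Constructed DNS log lines (timestamp client qname); not from the sandbox run.
SAMPLE_DNS_LOG = [
    "2021-12-24T10:00:01Z 10.0.0.5 www.example.com",
    "2021-12-24T10:00:07Z 10.0.0.9 fluentzip.org.",
    "2021-12-24T10:00:09Z 10.0.0.9 cdn.fluentzip.org",
    "2021-12-24T10:00:12Z 10.0.0.7 notfluentzip.org",
]

if __name__ == "__main__":
    print("hash match:", match_hashes(FAKE_SAMPLE))
    hosts = c2_hosts(REPORT_C2)
    print("c2 hosts:", hosts)
    print("dns hits:", dns_hits(SAMPLE_DNS_LOG, hosts))
```

To check a real file, read its bytes and pass them to match_hashes; a result with all four values True confirms it is this sample, while any mixed result points at a transcription error in the indicator list rather than at the file.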

Targets

    • Target

      70344ece62a828c46ff315b3328125d8ab5f6902bbeaa24224fee97142ee6ad9.bin

    • Size

      80KB

    • MD5

      5b615cfd2ec6aa4f6242197481fc108b

    • SHA1

      fc366c0f83711fed7303b752abf09f2be74e2a15

    • SHA256

      70344ece62a828c46ff315b3328125d8ab5f6902bbeaa24224fee97142ee6ad9

    • SHA512

      6080fa1e08239533e726cae2420b885627e53a7bbf9fd1fad1d2c861ebdf94262f8540f841a8dfa1956148d7601ec7a4a22ef965a0a7776bbb96e8535c6c30fe

    Score
    5/10
    • Suspicious use of NtSetInformationThreadHideFromDebugger

      NtSetInformationThread called with the ThreadHideFromDebugger information class (0x11) stops the calling thread from reporting debug events, so an attached debugger loses visibility of it. This is an anti-analysis indicator; on its own it shows evasion, not the encryption or exfiltration behaviour described in the extracted config.
