70344ece62a828c46ff315b3328125d8ab5f6902bbeaa24224fee97142ee6ad9.bin

Target

Size

80KB

Sample

211224-wrfpaadger

Score

10 ^/10

MD5

5b615cfd2ec6aa4f6242197481fc108b

SHA1

fc366c0f83711fed7303b752abf09f2be74e2a15

SHA256

70344ece62a828c46ff315b3328125d8ab5f6902bbeaa24224fee97142ee6ad9

SHA512

6080fa1e08239533e726cae2420b885627e53a7bbf9fd1fad1d2c861ebdf94262f8540f841a8dfa1956148d7601ec7a4a22ef965a0a7776bbb96e8535c6c30fe

Extracted

Family	blackmatter
Version	2.0
Botnet	a89e0e2e31db3e31a1e7a9630375f437
C2	https://fluentzip.org http://fluentzip.org https://fluentzip.org http://fluentzip.org
Attributes	attempt_auth false create_mutex true encrypt_network_shares true exfiltrate true mount_volumes true
rsa_pubkey.base64
aes.base64

Target

70344ece62a828c46ff315b3328125d8ab5f6902bbeaa24224fee97142ee6ad9.bin

MD5

5b615cfd2ec6aa4f6242197481fc108b

Filesize

80KB

Score

5^/10

SHA1

fc366c0f83711fed7303b752abf09f2be74e2a15

SHA256

70344ece62a828c46ff315b3328125d8ab5f6902bbeaa24224fee97142ee6ad9

SHA512

6080fa1e08239533e726cae2420b885627e53a7bbf9fd1fad1d2c861ebdf94262f8540f841a8dfa1956148d7601ec7a4a22ef965a0a7776bbb96e8535c6c30fe

Signatures

Suspicious use of NtSetInformationThreadHideFromDebugger

Related Tasks

behavioral1 behavioral2

Collection

Command and Control

Credential Access

Defense Evasion

Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

static1

a89e0e2e31db3e31a1e7a9630375f437 blackmatter

10^/10

behavioral1

5^/10

behavioral2

5^/10

Extracted

Signatures

Suspicious use of NtSetInformationThreadHideFromDebugger

Related Tasks

static1

behavioral1

behavioral2