blackmatter | be5bc29f58b868f4ff8cd66b4526535593e515a697bb8951c625bdfed13cccb7

General

Target

be5bc29f58b868f4ff8cd66b4526535593e515a697bb8951c625bdfed13cccb7
Size

95KB
MD5

75298c9dbf9784fee95782f5db5c3231
SHA1

ea09bf1a3b51f66b41f529615ad78eb4db0c7e8f
SHA256

be5bc29f58b868f4ff8cd66b4526535593e515a697bb8951c625bdfed13cccb7
SHA512

2e54261caaa9ed73b74190e459c6eddec2ba120cb45da4d74c56a0f876565cfe2c232e788a6f6502c27db146380658c695515e2ee7cd67d9aa7be240f0d9a927
SSDEEP

1536:4UICS4ADkFAztzRyxoWtBErqylVxn1Dw3Pv/hpHeooR0:uBkwtdyxoUH4B1+Pnze

Score

10^/10

8894df2a085a1eb900cd9896235efc62 blackmatter

Malware Config

Extracted

Family

blackmatter

Version

3.0

Botnet

8894df2a085a1eb900cd9896235efc62

C2

䟍늶傖娩ⱼڍ쫏䤿䪔頙쭪챏嚘묁痰긯ῡ⧹ꮿ뻝觼ߦ拾ࣗ颅䧜䕤孧뮂㢸꿾抛�ᗅ툲륚㌴鹼韮鹕㥿쪧�嵶販殑핥飈඘夦悠옓惂籤∛彜澗ꨇ糤鮝恷䷮皅቉◖訊揔谝〬銠鑃ɠ楱횽熅탩ꝙ䘡秄䘗쒅翪둅鷛箵癣⛛䄗ꮲ蝷꓿ࡲ섛晱ر⼾뚳暮䀲폂簵幬稘䴻坈࢑戛繆

Attributes

attempt_auth
true
create_mutex
true
encrypt_network_shares
true
exfiltrate
true
mount_volumes
true

rsa_pubkey.base64

aes.base64

Signatures

Blackmatter family
blackmatter

Files

be5bc29f58b868f4ff8cd66b4526535593e515a697bb8951c625bdfed13cccb7
.exe windows x86

b5f7572a69026027aaf438fad3024477

Code Sign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

SetTextColor
SetPixel
SelectObject
CreateSolidBrush

user32

LoadMenuW
GetWindowTextW
GetDlgItem
DefWindowProcW
CreateMenu
GetKeyNameTextW
LoadImageW

kernel32

GetLastError
LoadLibraryW
LoadLibraryExA
GetTickCount
GetProcAddress
GetDateFormatW
FreeLibrary
FormatMessageW
GetModuleHandleA

Sections

.text
Size: 73KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

b5f7572a69026027aaf438fad3024477

Code Sign

Headers

DLL Characteristics

File Characteristics

Imports

gdi32

user32

kernel32

Sections

.text Size: 73KB - Virtual size: 72KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 13KB - Virtual size: 15KB

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 73KB - Virtual size: 72KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 13KB - Virtual size: 15KB

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 3KB - Virtual size: 2KB