General
-
Target
a6903580ab0f4f6e41778b8d20c663b56436ae1dda08a241f3ac22ad329870fb
-
Size
96KB
-
Sample
220124-awyj1aggcn
-
MD5
d7f93757123c79564b540e59ed188974
-
SHA1
723e3879bae0772badef7b058db64dc947a5d8ba
-
SHA256
a6903580ab0f4f6e41778b8d20c663b56436ae1dda08a241f3ac22ad329870fb
-
SHA512
13ca67a8ba4286cc00d8e57deadf39b0de49f8829f28ac13893eb094664c94586d5772da675d016f4d6041927163433b58a93c97babc9ddb5e44b8dbf735db8f
Static task
static1
Behavioral task
behavioral1
Sample
a6903580ab0f4f6e41778b8d20c663b56436ae1dda08a241f3ac22ad329870fb.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
a6903580ab0f4f6e41778b8d20c663b56436ae1dda08a241f3ac22ad329870fb.exe
Resource
win10-en-20211208
Malware Config
Extracted
Family |
blackmatter |
Version |
2.0 |
Botnet |
e4aaffc36f5d5b7d597455eb6d497df5 |
Credentials | Protocol: Host: Port: Username: pklages@spectrumfurniture.com Password: BBis#1ec Protocol: Host: Port: Username: BackupExec@spectrumfurniture.com Password: k8DbBSZYWWnr0QqrILoo Protocol: Host: Port: Username: admin@Northwoods.com Password: Smokie@CF |
C2 |
https://mojobiden.com http://mojobiden.com https://nowautomation.com http://nowautomation.com |
Attributes |
attempt_auth true
create_mutex true
encrypt_network_shares true
exfiltrate true
mount_volumes true |
rsa_pubkey.base64 |
|
aes.base64 |
|
Targets
-
-
Target
a6903580ab0f4f6e41778b8d20c663b56436ae1dda08a241f3ac22ad329870fb
-
Size
96KB
-
MD5
d7f93757123c79564b540e59ed188974
-
SHA1
723e3879bae0772badef7b058db64dc947a5d8ba
-
SHA256
a6903580ab0f4f6e41778b8d20c663b56436ae1dda08a241f3ac22ad329870fb
-
SHA512
13ca67a8ba4286cc00d8e57deadf39b0de49f8829f28ac13893eb094664c94586d5772da675d016f4d6041927163433b58a93c97babc9ddb5e44b8dbf735db8f
Score3/10 -
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation