General

  • Target

    a6903580ab0f4f6e41778b8d20c663b56436ae1dda08a241f3ac22ad329870fb

  • Size

    96KB

  • Sample

    220124-awyj1aggcn

  • MD5

    d7f93757123c79564b540e59ed188974

  • SHA1

    723e3879bae0772badef7b058db64dc947a5d8ba

  • SHA256

    a6903580ab0f4f6e41778b8d20c663b56436ae1dda08a241f3ac22ad329870fb

  • SHA512

    13ca67a8ba4286cc00d8e57deadf39b0de49f8829f28ac13893eb094664c94586d5772da675d016f4d6041927163433b58a93c97babc9ddb5e44b8dbf735db8f

Malware Config

Extracted

Family

blackmatter

Version

2.0

Botnet

e4aaffc36f5d5b7d597455eb6d497df5

Credentials

Protocol:

Host:

Port:

Username: pklages@spectrumfurniture.com

Password: BBis#1ec

Protocol:

Host:

Port:

Username: BackupExec@spectrumfurniture.com

Password: k8DbBSZYWWnr0QqrILoo

Protocol:

Host:

Port:

Username: admin@Northwoods.com

Password: Smokie@CF

C2

https://mojobiden.com

http://mojobiden.com

https://nowautomation.com

http://nowautomation.com

Attributes

attempt_auth: true
create_mutex: true
encrypt_network_shares: true
exfiltrate: true
mount_volumes: true
rsa_pubkey.base64
aes.base64

Targets

    • Target

      a6903580ab0f4f6e41778b8d20c663b56436ae1dda08a241f3ac22ad329870fb

    Score
    3/10

MITRE ATT&CK Matrix

Tactic columns (no techniques populated in this report): Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation