blackmatter | 496cd9b6b6b96d6e781ab011d1d02ac3fc3532c8bdd07cae5d43286da6e4838d

General

Target

496cd9b6b6b96d6e781ab011d1d02ac3fc3532c8bdd07cae5d43286da6e4838d
Size

78KB
MD5

cb1e9e0b57107c1f5cd3569bf268de4f
SHA1

53f0be750671f565019890a35d8463eebc6fddc9
SHA256

496cd9b6b6b96d6e781ab011d1d02ac3fc3532c8bdd07cae5d43286da6e4838d
SHA512

2620215ca9a7ba3cb412c8fc33f2bd6d89e0e61dd70d6bbe1762ccb820b29d2e5f7fd6be06c27328b0d333c5d12ef239d0101dfea23c6025b06110b7a3ad4cb5
SSDEEP

1536:6nICS4ArFnRoHhcVyid9EZZoi+zQK2Vg6N:lZnmqVyq9EN+Mb

Score

10^/10

610e4366504d4d2848359d75d84ec295 blackmatter

Malware Config

Extracted

Family

blackmatter

Version

2.0

Botnet

610e4366504d4d2848359d75d84ec295

C2

https://mojobiden.com

http://mojobiden.com

https://nowautomation.com

http://nowautomation.com

Attributes

attempt_auth
false
create_mutex
true
encrypt_network_shares
true
exfiltrate
true
mount_volumes
true

rsa_pubkey.base64

aes.base64

Signatures

Blackmatter family
blackmatter

Files

496cd9b6b6b96d6e781ab011d1d02ac3fc3532c8bdd07cae5d43286da6e4838d
.exe windows x86

2e4ae81fc349a1616df79a6f5499743f

Code Sign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

SetPixel
SelectPalette
TextOutW
SelectObject
BitBlt
GetTextMetricsW
GetTextColor
CreateFontW
CreateDIBitmap

user32

GetMessageW
EndDialog
DefWindowProcW
CreateWindowExW
CreateMenu

kernel32

GetProcAddress
GetModuleHandleA
GetLocaleInfoW
GetCommandLineW
FormatMessageW

Sections

.text
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 856B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

2e4ae81fc349a1616df79a6f5499743f

Code Sign

Headers

DLL Characteristics

File Characteristics

Imports

gdi32

user32

kernel32

Sections

.text Size: 66KB - Virtual size: 65KB

.rdata Size: 1024B - Virtual size: 856B

.data Size: 4KB - Virtual size: 8KB

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 66KB - Virtual size: 65KB

.rdata
Size: 1024B - Virtual size: 856B

.data
Size: 4KB - Virtual size: 8KB

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 3KB - Virtual size: 2KB