blackmatter | 26a7146fbed74a17e9f2f18145063de07cc103ce53c75c8d79bbc5560235c345

General

Target

26a7146fbed74a17e9f2f18145063de07cc103ce53c75c8d79bbc5560235c345
Size

80KB
MD5

471db2ef4582dc264ae95d2838f81588
SHA1

b6e130a43134613c45f10f0160090e26ded4dd3c
SHA256

26a7146fbed74a17e9f2f18145063de07cc103ce53c75c8d79bbc5560235c345
SHA512

8319596227fff44191f7cb9b03d7f6b1b20d89f6e7a034773ddd6d631086c609a1caf2f4f53bd89516925427676a75496aef9dd8754a45cd38536bfb856ed7b6
SSDEEP

768:6HVfahoICS4AI4kyPh2qFSpAM0zHTMoXsLipP4+1Kkxwz5m7HEzbDBnpzTN:YnICS4A79p2qFTM2HT02F4mHI5mKlp

Score

10^/10

b61fd808b57c1cab3824a887857bf6a8 blackmatter

Malware Config

Extracted

Family

blackmatter

Version

2.0

Botnet

b61fd808b57c1cab3824a887857bf6a8

Credentials

Username:
administrator@parkhotel
Password:
Silvana7018

C2

https://fluentzip.org

http://fluentzip.org

Attributes

attempt_auth
true
create_mutex
true
encrypt_network_shares
true
exfiltrate
true
mount_volumes
true

rsa_pubkey.base64

aes.base64

Signatures

Blackmatter family
blackmatter

Files

26a7146fbed74a17e9f2f18145063de07cc103ce53c75c8d79bbc5560235c345
.exe windows x86

31485670ea3fb2592f59a341251d0e8c

Code Sign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

GetPixel
SetTextColor
SetPixel
SetDCBrushColor
SelectObject
GetTextMetricsW
GetTextColor
GetTextCharset
BitBlt

user32

CreateDialogParamW
CreateMenu
CreateWindowExW
DefWindowProcW
GetDlgItemTextW
GetKeyNameTextW
IsDlgButtonChecked
LoadImageW
LoadMenuW

kernel32

GetFileAttributesW
SetLastError
LoadLibraryW
GetProcAddress
GetModuleHandleA
FreeLibrary
GetDateFormatW
GetCommandLineA
GetAtomNameW

Sections

.text
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

31485670ea3fb2592f59a341251d0e8c

Code Sign

Headers

DLL Characteristics

File Characteristics

Imports

gdi32

user32

kernel32

Sections

.text Size: 67KB - Virtual size: 66KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 4KB - Virtual size: 8KB

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 67KB - Virtual size: 66KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 4KB - Virtual size: 8KB

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 3KB - Virtual size: 3KB