General

  • Target

    5942061881262080.zip

  • Size

    38KB

  • MD5

    021b0cce009d779a52e3cd5af87b0834

  • SHA1

    d235ab9413d85d278e433607991967ba38cb180a

  • SHA256

    8054703867c085df33ce855a96741cc540f67bed604a1eb04bb025ac45c0f9e4

  • SHA512

    38d2253d624f9d508525601e78cac61864fcc9abde391203e875a54f2bb96a6b770f8809115686357230a662af163d10dcd403c74560cada03b2655d3b771f84

  • SSDEEP

    768:Ap3a46wm14z/uqUb+3GayzOzCSY4g5lenUzmKyssM5i9DoH5gQ0qfqYGD:S3aFwY4z/bUC2ayz9b4gjenUaKyDQcDH

Malware Config

Extracted

Family

blackmatter

Version

1.2

Botnet

512478c08dada2af19e49808fbda5b0b

Credentials

  • Username: aheisler@hhcp.com
    Password: 120Heisler

  • Username: dsmith@hhcp.com
    Password: Tesla2019

  • Username: administrator@hhcp.com
    Password: iteam8**

C2

https://paymenthacks.com

http://paymenthacks.com

https://mojobiden.com

http://mojobiden.com

Attributes
  • attempt_auth

    true

  • create_mutex

    true

  • encrypt_network_shares

    true

  • exfiltrate

    true

  • mount_volumes

    true

rsa_pubkey.base64
aes.base64

Signatures

Files

  • 5942061881262080.zip
    .zip

    Password: infected

  • c28b42b74bb45bd64c3be27b2b496efc5067a17efb53e1c740bd48798ff12503
    .zip

    Password: infected

  • entry_1_0/Malware_111113.exe
    .exe windows x86

    c94b1566bf307396953c849ef18f9857

  • manifest.json