General

  • Target

    bcef5de9b1667dcdded82596b3a2b4b11c8546659f49662bb352d754d869c641

  • Size

    34KB

  • MD5

    6f5c77478795ff7fb9700ed50b334429

  • SHA1

    6803d62254edf3bdd3bc523422ff98e6120b6e5b

  • SHA256

    668a4a2300f36c9df0f7307cc614be3297f036fa312a424765cdb2c169187fe6

  • SHA512

    40e4ffd227443003e0506f8d1fbfbacde54f9bfb5fa6908f05e134ee25217d3c3907d7c981107d642c071063b57253b4727fb6a211d7698a7a9bae2d8beede5f

  • SSDEEP

    768:e5geEbf2rriFVI1kggGVtSMC2F7QGIFFBMterI6ywBuO1s:7E+VYVYMC2F7AoterI6yR2

Malware Config

Extracted

  • Family

    blackmatter

  • Version

    1.2

  • Botnet

    bab21ee475b52c0c9eb47d23ec9ba1d1

  • C2

    https://paymenthacks.com
    http://paymenthacks.com
    https://mojobiden.com
    http://mojobiden.com

  • Attributes

    attempt_auth: false
    create_mutex: true
    encrypt_network_shares: true
    exfiltrate: true
    mount_volumes: true

  • rsa_pubkey.base64

    TYljrCJVdYl7mK0HyzYX6lzGLalKyQhyzOTlejSyPhbAPFyGdWjlgV1GjsihS0YP/jd3nepoTYeTMmgvfTO51Ihp/dMSmZMgiOI/UY1nWnatg9QfeJseu7Xy6pE/RhAKr5br6pIpwKwWV1SN+/niklqdrFW99QZzfjSDt3M86Xo=

  • aes.base64

    hl1vIXvy58/MDxsUeXW0BA==

Signatures

  • Blackmatter family
  • UPX packed file (1 IoC)

    Detects executables packed with UPX or a modified UPX open-source packer.

Files

  • bcef5de9b1667dcdded82596b3a2b4b11c8546659f49662bb352d754d869c641
    .exe windows x86

  • out.upx
    .exe windows x86
