blackmatter | a5bb65afe22627fbf9526fd316d32c368a986a4d65af31814ef2c18cef18422d[.]zip

Resubmissions

13-11-2022 18:00

221113-wll9wacb66 10

22-09-2022 05:49

220922-gjgt2sabf4 10

21-09-2022 18:45

220921-xefn7aghd5 10

Sharing

Copy URL

Twitter E-mail

General

Target

a5bb65afe22627fbf9526fd316d32c368a986a4d65af31814ef2c18cef18422d.zip
Size

284KB
MD5

d8522e3ab793692681cd49d91cab93db
SHA1

f4cac00d0346c277804d42f843ddfa266eaf4cbd
SHA256

b09403adcaf79f3602815c242b3698e43138156d848ac1b0802232d4afc36154
SHA512

d53847879513f683eb6b7f03180f837a96d5f49ce7f534df4725dccd81236f76d4ff6bc25469d0ba2f839df3d3d8d49eed82a6e22b3ed7bdcd2d07b4cfa10397
SSDEEP

6144:MfUGa0n7gWHAUd6M3aVV2MlunD6xFqU4Mx0KgxMsDyEk:TGasH1d6saX2kU6bqkpgxMGk

Score

10^/10

blackmatter

Malware Config

Extracted

Family

blackmatter

Version

25.239

Signatures

Blackmatter family
blackmatter

Files

a5bb65afe22627fbf9526fd316d32c368a986a4d65af31814ef2c18cef18422d.zip
.zip

Password: infected
a5bb65afe22627fbf9526fd316d32c368a986a4d65af31814ef2c18cef18422d.zip
.zip

Password: infected
LockBit30/Build.bat
LockBit30/builder.exe
.exe windows x86

Password: infected

d2e26e45dcb84f1062f90f29a9cf0faa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

MessageBoxW

kernel32

LoadResource
WriteFile
CreateFileW
ExitProcess
FindResourceW
GetCommandLineW
GetFileSize
GetModuleHandleW
GlobalFree
SizeofResource
LockResource
ReadFile

shell32

CommandLineToArgvW

msvcrt

_wcsicmp
memcpy
memset
sprintf
strchr
strcpy
strlen
strstr
wcscat
wcscpy
wcslen
wcsrchr
localeconv
_stricmp
_strcmpi
tolower
realloc
malloc
free
strtod
strncmp

imagehlp

CheckSumMappedFile

ntdll

RtlFreeHeap
RtlAllocateHeap
NtClose
RtlImageNtHeader

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 438KB - Virtual size: 438KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
LockBit30/config.json
LockBit30/keygen.exe
.exe windows x86

Password: infected

73eeda700d0a0376845c61c44155f4a8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

wsprintfA

kernel32

GetCurrentDirectoryW
WriteFile
CloseHandle
CreateFileW
ExitProcess
GetCommandLineW
GlobalFree
SetCurrentDirectoryW

shell32

CommandLineToArgvW

msvcrt

_wcsicmp
memcpy
memset
free
fputc
exit
calloc

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Resubmissions

Sharing

General

Malware Config

Extracted

Signatures

Files

Password: infected

Password: infected

Password: infected

d2e26e45dcb84f1062f90f29a9cf0faa

Headers

DLL Characteristics

File Characteristics

Imports

user32

kernel32

shell32

msvcrt

imagehlp

ntdll

Sections

.text Size: 20KB - Virtual size: 19KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 8KB - Virtual size: 7KB

.rsrc Size: 438KB - Virtual size: 438KB

Password: infected

73eeda700d0a0376845c61c44155f4a8

Headers

DLL Characteristics

File Characteristics

Imports

user32

kernel32

shell32

msvcrt

Sections

.text Size: 26KB - Virtual size: 25KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 1024B - Virtual size: 2KB

.text
Size: 20KB - Virtual size: 19KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 438KB - Virtual size: 438KB

.text
Size: 26KB - Virtual size: 25KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 1024B - Virtual size: 2KB