Resubmissions

12-04-2023 18:24

230412-w13v6sfe7t 10

12-04-2023 17:51

230412-wfdesafd4y 10

General

  • Target

    9bae897c19f237c22b6bdc024df27455e739be24bed07ef0d409f2df87eeda58.zip

  • Size

    55KB

  • Sample

    230412-w13v6sfe7t

  • MD5

    e816eab637b66ad7f4e85876434a9cc5

  • SHA1

    b649040a311cfff0fe8d021845fc6376ae6b5040

  • SHA256

    0bdce4d960e8b9537fbdcb4a70838be86163f355ba9f4344fd4982536924f27e

  • SHA512

    1dab157df998aa82628c1a92594c7c9bd4f6ec5da7dd20b927844626cf9ad69019625165b00a6db68de0a6096ae0e52b2d75fb113375819063b690f5172ab75b

  • SSDEEP

    1536:rS36U/nQk+TgIDNgCN3og3LzcX0wUDcInxw:SPQ3Tgfg3LAkwQcInxw

Malware Config

Extracted

Family

blackmatter

Version

3.0

Botnet

4e591a315c54e8800dae714320555fa5

Credentials
  • Username:
    OFMO220@R5-CORE.R5.AIG.NET
  • Password:
    yhU6VJ$&
  • Username:
    OSYST93@R5-CORE.R5.AIG.NET
  • Password:
    RPo@ndf9
  • Username:
    OFMO225@R5-CORE.R5.AIG.NET
  • Password:
    DH5U87@rA0ELa2
C2

https://fluentzip.org

http://fluentzip.org

Attributes
  • attempt_auth

    true

  • create_mutex

    true

  • encrypt_network_shares

    true

  • exfiltrate

    true

  • mount_volumes

    true

rsa_pubkey.base64
aes.base64
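The extracted-config block above is what an analyst actually works from: the C2 hosts go to the blocklist and the three domain accounts must be reset, because attempt_auth together with encrypt_network_shares means the sample uses them to reach shares. The Python below is an added example, not code from the sandbox or from any tool; it parses a constructed copy of the page's own text layout (CONFIG_TEXT, blank lines dropped) into a structured record and derives those hunting artifacts. The function names are mine, and the parser deliberately skips keys that carry no value on the page (the base64 key blobs) rather than guessing them. Passwords are HTML-unescaped because the page preserved the `&amp` entity for the first one.

```python
# Added example: parse a sandbox "Malware Config / Extracted" block into
# hunting artifacts. CONFIG_TEXT is a constructed copy of the page text.
import html
from urllib.parse import urlsplit

CONFIG_TEXT = """
Extracted
Family
blackmatter
Version
3.0
Botnet
4e591a315c54e8800dae714320555fa5
Credentials
  • Username:
    OFMO220@R5-CORE.R5.AIG.NET
  • Password:
    yhU6VJ$&amp
  • Username:
    OSYST93@R5-CORE.R5.AIG.NET
  • Password:
    RPo@ndf9
  • Username:
    OFMO225@R5-CORE.R5.AIG.NET
  • Password:
    DH5U87@rA0ELa2
C2
https://fluentzip.org
http://fluentzip.org
Attributes
  • attempt_auth
    true
  • create_mutex
    true
  • encrypt_network_shares
    true
  • exfiltrate
    true
  • mount_volumes
    true
rsa_pubkey.base64
aes.base64
"""

# Section headers used by the text layout; every other line is a value.
SECTIONS = {"Family", "Version", "Botnet", "Credentials", "C2", "Attributes"}


def _value_lines(text):
    """Non-empty lines with indentation and the bullet glyph removed."""
    out = []
    for raw in text.splitlines():
        ln = raw.strip().lstrip("•").strip()
        if ln:
            out.append(ln)
    return out


def parse_config(text):
    """Walk the flattened layout into a dict. Credentials arrive as
    Username:/value/Password:/value quadruples, attributes as name/bool
    pairs; valueless keys (the base64 blobs) are skipped, not guessed."""
    lines = _value_lines(text)
    cfg = {"family": None, "version": None, "botnet": None,
           "credentials": [], "c2": [], "attributes": {}}
    section, i = None, 0
    while i < len(lines):
        ln = lines[i]
        if ln in SECTIONS:
            section, i = ln, i + 1
            continue
        if section in ("Family", "Version", "Botnet"):
            cfg[section.lower()] = ln
        elif section == "Credentials":
            if ln == "Username:" and i + 3 < len(lines) and lines[i + 2] == "Password:":
                user, _, domain = lines[i + 1].partition("@")
                cfg["credentials"].append({"user": user, "domain": domain,
                                           "password": html.unescape(lines[i + 3])})
                i += 4
                continue
        elif section == "C2":
            cfg["c2"].append(ln)
        elif section == "Attributes":
            if i + 1 < len(lines) and lines[i + 1].lower() in ("true", "false"):
                cfg["attributes"][ln] = lines[i + 1].lower() == "true"
                i += 2
                continue
        i += 1
    return cfg


def c2_hosts(cfg):
    """Unique C2 hostnames, collapsing the http/https duplicates."""
    return sorted({urlsplit(u).hostname for u in cfg["c2"]})


def defang(host):
    """Defang a hostname for safe pasting into tickets and chat."""
    return host.replace(".", "[.]")


def compromised_accounts(cfg):
    """UPNs embedded in the sample; these need a reset, not just a watch."""
    return sorted(f"{c['user']}@{c['domain']}" for c in cfg["credentials"])


def share_spread_enabled(cfg):
    """True when the config both authenticates to and encrypts shares."""
    a = cfg["attributes"]
    return bool(a.get("attempt_auth") and a.get("encrypt_network_shares"))


if __name__ == "__main__":
    cfg = parse_config(CONFIG_TEXT)
    print(cfg["family"], cfg["version"], cfg["botnet"])
    print("C2:", [defang(h) for h in c2_hosts(cfg)])
    print("reset:", compromised_accounts(cfg), "shares:", share_spread_enabled(cfg))
```

The parser is position-based on purpose: the sandbox layout carries no delimiters beyond the section names and the bullet glyph, so the only reliable signal is the Username:/Password: and name/true ordering. Anything that does not fit that shape (a key with no value, an unknown section) is skipped so a later format change fails loudly in the assertions rather than silently producing a wrong IOC.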

Targets

    • Target

      9bae897c19f237c22b6bdc024df27455e739be24bed07ef0d409f2df87eeda58.zip

    • Size

      55KB

    • MD5

      e816eab637b66ad7f4e85876434a9cc5

    • SHA1

      b649040a311cfff0fe8d021845fc6376ae6b5040

    • SHA256

      0bdce4d960e8b9537fbdcb4a70838be86163f355ba9f4344fd4982536924f27e

    • SHA512

      1dab157df998aa82628c1a92594c7c9bd4f6ec5da7dd20b927844626cf9ad69019625165b00a6db68de0a6096ae0e52b2d75fb113375819063b690f5172ab75b

    • SSDEEP

      1536:rS36U/nQk+TgIDNgCN3og3LzcX0wUDcInxw:SPQ3Tgfg3LAkwQcInxw

    Score
    1/10

MITRE ATT&CK Matrix ATT&CK v6

Discovery
  • Query Registry (T1012): 3
  • Peripheral Device Discovery (T1120): 1
  • System Information Discovery (T1082): 2

Tasks