blackmatter | a40d947d6a1d92c2789968ce0d2e6eb1734e248e2d30828c61a41f4ac840e8a0

General

Target

malware.zip
Size

1.0MB
Sample

230513-e6cgqsfe46
MD5

f22982d387ab614c0a8733ddccca20a1
SHA1

7dc39f6ff061315f58aa297e08874c902546f63c
SHA256

a40d947d6a1d92c2789968ce0d2e6eb1734e248e2d30828c61a41f4ac840e8a0
SHA512

f606cc5b3e171346b5e311c720521002c7ffc966fc9777b5e203dc26df8bab0f1aafcd8b4fbdf5a77840c065d58908274f74f87099c4a850c909569d3f627c13
SSDEEP

24576:TXvxkvADC8MtLkENh7YAVVVj8jvDgaTDvw5zj2ApS:WvADitLkQYAVVh8jUa8j2B

Score

10^/10

Malware Config

Extracted

Family

xorddos

C2

http://aa.hostasa.org/config.rar

cdn.cloud2cdn.com:8080

Attributes

crc_polynomial
EDB88320

xor.plain

Extracted

Family

blackmatter

Version

1.6.0.2

Botnet

bab21ee475b52c0c9eb47d23ec9ba1d1

C2

http://paymenthacks.com

http://mojobiden.com

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  1e87a5dba16588bf91144de1b34a524bc70c39c88bca63f79dd95d3087253d72.elf
- Size
  
  611KB
- MD5
  
  e7a3aa891e550834f9af4367a564e468
- SHA1
  
  38962368d0b3ea97126372410b101a19c8130532
- SHA256
  
  1e87a5dba16588bf91144de1b34a524bc70c39c88bca63f79dd95d3087253d72
- SHA512
  
  7f5257d7316a864f63ee2b8fed51f97d55ad1b5c1db458a93a57b0cfde0694ff186ef576f9e8c76c96721def61877a0072c51ca7bf5dc5b1dd0b097135c2e9da
- SSDEEP
  
  12288:FBXOvdwV1/n/dQFhWlH/c1dHo4h9L+zNZrrUT6yF8EEP4UlUuTh1AG:FBXmkN/+Fhu/Qo4h9L+zNNUBVEBl/91h
Score

10^/10

xorddos botnet downloader
- XorDDoS
  Botnet and downloader malware targeting Linux-based operating systems and IoT devices.
  botnet downloader xorddos
- XorDDoS payload
behavioral1
- Target
  
  6a7b7147fea63d77368c73cef205eb75d16ef209a246b05698358a28fd16e502.elf
- Size
  
  2.0MB
- MD5
  
  3f9a28e8c057e7ea7ccf15a4db81f362
- SHA1
  
  10d6d3c957facf06098771bf409b9593eea58c75
- SHA256
  
  6a7b7147fea63d77368c73cef205eb75d16ef209a246b05698358a28fd16e502
- SHA512
  
  58a71aeac247d206f023ee29aff81026881e41d3fbd268f7513e3bcd951701a68502361dd717befa79a094eb9fc0caaa9f8770ba83f5c94a8acb9ae0986ee386
- SSDEEP
  
  49152:k5Wy/20shMXR8uUz9cBbLc/6LCM01iNFFB9wO:k5Wy//sO8uDq6
Score

3^/10
behavioral2
- Target
  
  99296550ab836f29ab7b45f18f1a1cb17a102bb81cad83561f615f3a707887d7.sh
- Size
  
  12KB
- MD5
  
  814e7f7f32964cbf5ec91dbb56768da8
- SHA1
  
  be5af1cfa10cee0f20bc725f75cc05ff98278d11
- SHA256
  
  99296550ab836f29ab7b45f18f1a1cb17a102bb81cad83561f615f3a707887d7
- SHA512
  
  d160c2b19132699182d63c1093b7c67a7222ea3cfd01cc56e4aaf63a04f0e2c0fede58c3bd42fa24f3a2049858fda34a447b7982adcd97795170ee9f6acb4f61
- SSDEEP
  
  384:/HebVBNfm1BjfeWBJfiL8EqQusxxlfZrDSYUip2lMeIKBIpcLGcl15D64X:fQ3O1FGWLKAEqpGrDSYfp2lMehu6Ga1B
Score

3^/10
behavioral3

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

XorDDoS

XorDDoS payload

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3