General

  • Target: malware.zip
  • Size: 1.0MB
  • MD5: f22982d387ab614c0a8733ddccca20a1
  • SHA1: 7dc39f6ff061315f58aa297e08874c902546f63c
  • SHA256: a40d947d6a1d92c2789968ce0d2e6eb1734e248e2d30828c61a41f4ac840e8a0
  • SHA512: f606cc5b3e171346b5e311c720521002c7ffc966fc9777b5e203dc26df8bab0f1aafcd8b4fbdf5a77840c065d58908274f74f87099c4a850c909569d3f627c13
  • SSDEEP: 24576:TXvxkvADC8MtLkENh7YAVVVj8jvDgaTDvw5zj2ApS:WvADitLkQYAVVh8jUa8j2B

Malware Config

Extracted

  • Family: xorddos
  • C2:
    http://aa.hostasa.org/config.rar
    cdn.cloud2cdn.com:8080
  • Attributes:
    crc_polynomial: EDB88320
  • xor.plain

Extracted

  • Family: blackmatter
  • Version: 1.6.0.2
  • Botnet: bab21ee475b52c0c9eb47d23ec9ba1d1
  • C2:
    http://paymenthacks.com
    http://mojobiden.com
  • rsa_pubkey.plain
  • aes.plain

Signatures

  • Blackmatter family
  • XorDDoS payload 1 IoCs
  • Xorddos family

Files

  • malware.zip
    .zip (Password: infected)
  • 1e87a5dba16588bf91144de1b34a524bc70c39c88bca63f79dd95d3087253d72.zip
    .zip (Password: infected)
  • 1e87a5dba16588bf91144de1b34a524bc70c39c88bca63f79dd95d3087253d72.elf
    .elf linux x86
  • 6a7b7147fea63d77368c73cef205eb75d16ef209a246b05698358a28fd16e502.zip
    .zip (Password: infected)
  • 6a7b7147fea63d77368c73cef205eb75d16ef209a246b05698358a28fd16e502.elf
    .elf linux x64
  • 99296550ab836f29ab7b45f18f1a1cb17a102bb81cad83561f615f3a707887d7.zip
    .zip (Password: infected)
  • 99296550ab836f29ab7b45f18f1a1cb17a102bb81cad83561f615f3a707887d7.sh
    .sh linux