Analysis Overview
Score: 10/10
SHA256: 58a856e39db5fe3055f7da6994222cdfbb4d67b5b88935f9fd51ca4241d7bb28
Threat Level: Known bad
The file blackmatter (1) (1).zip was found to be: Known bad.
Malicious Activity Summary
Blackmatter family
Deletes itself
Reads CPU attributes
Writes file to tmp directory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2023-10-11 02:49
Signatures
Blackmatter family
Analysis: behavioral1
Detonation Overview
Submitted
2023-10-11 02:49
Reported
2023-10-11 02:51
Platform
ubuntu1804-amd64-20230831-en
Max time kernel
23s
Max time network
99s
Command Line
[/tmp/6a7b7147fea63d77368c73cef205eb75d16ef209a246b05698358a28fd16e502.elf]
Signatures
Deletes itself
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Reads CPU attributes
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for reading | /sys/devices/system/cpu/online | N/A | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for modification | /tmp/.DBFD055C-9CF2-4BB8-908E-6DA22321BF17 | /tmp/6a7b7147fea63d77368c73cef205eb75d16ef209a246b05698358a28fd16e502.elf | N/A |
| File opened for modification | /tmp/main.log | N/A | N/A |
Processes
/tmp/6a7b7147fea63d77368c73cef205eb75d16ef209a246b05698358a28fd16e502.elf
[/tmp/6a7b7147fea63d77368c73cef205eb75d16ef209a246b05698358a28fd16e502.elf]
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 1.1.1.1:53 | mojobiden.com | udp |
| US | 1.1.1.1:53 | paymenthacks.com | udp |
Files
/tmp/.DBFD055C-9CF2-4BB8-908E-6DA22321BF17
| Hash | Value |
| --- | --- |
| MD5 | 7da043d3a1266b4758132618e90766c3 |
| SHA1 | 9f82e2fb9bbf2365c3121ee4ae0869eb91db0f11 |
| SHA256 | 10fe217426ff1edfa8c796d69f79194f2d0339f84c0debe301e1ecf95ba9bb6a |
| SHA512 | 8591bed60bc356d34bb8afea0c8992b1207ed4503825a1352b8070f2b7d8a0e67b9f85d9da09585d0f33d235ad508781c1d2f21335697f4774f93444ec5b0cb8 |
/tmp/main.log
| Hash | Value |
| --- | --- |
| MD5 | 55cb935eeb23f1f04d314a8b246fce0b |
| SHA1 | 5fb328949c20e198d8d10b35d125a5b26b9475c3 |
| SHA256 | ac17bd6914876ee766bf859376b0a75100bcb8e095bb3ad1b1c22369d49118a7 |
| SHA512 | e3cbab5510f62450f50088c2080377ca526413ae7c689b84a04a16ee020e2a57676b36ae8ec916797233e1f0df2d1a74484eeb102f205df4399545d8ff2870b7 |