Malware Analysis Report

2024-10-16 03:21

Sample ID 231018-jr9wxacd8z
Target 6a7b7147fea63d77368c73cef205eb75d16ef209a246b05698358a28fd16e502.zip
SHA256 f2f6174d69add2c99656feb9b7ba431ede3781c3675573ff3b6db2bcaba952fc
Tags
bab21ee475b52c0c9eb47d23ec9ba1d1 blackmatter
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

f2f6174d69add2c99656feb9b7ba431ede3781c3675573ff3b6db2bcaba952fc

Threat Level: Known bad

The file 6a7b7147fea63d77368c73cef205eb75d16ef209a246b05698358a28fd16e502.zip was found to be: Known bad.

Malicious Activity Summary

bab21ee475b52c0c9eb47d23ec9ba1d1 blackmatter

Blackmatter family

Deletes itself

Reads CPU attributes

Writes file to tmp directory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-10-18 07:55

Signatures

Blackmatter family

blackmatter

Analysis: behavioral1

Detonation Overview

Submitted

2023-10-18 07:55

Reported

2023-10-18 07:58

Platform

ubuntu1804-amd64-20230831-en

Max time kernel

3s

Max time network

106s

Command Line

[/tmp/6a7b7147fea63d77368c73cef205eb75d16ef209a246b05698358a28fd16e502.elf]

Signatures

Deletes itself

Description   Indicator   Process   Target
N/A           N/A         N/A       N/A

Reads CPU attributes

Description               Indicator                        Process   Target
File opened for reading   /sys/devices/system/cpu/online   N/A       N/A

Writes file to tmp directory

Description                    Indicator                                    Process                                                                            Target
File opened for modification   /tmp/.DBFD055C-9CF2-4BB8-908E-6DA22321BF17   /tmp/6a7b7147fea63d77368c73cef205eb75d16ef209a246b05698358a28fd16e502.elf   N/A
File opened for modification   /tmp/main.log                                N/A                                                                                N/A

Processes

/tmp/6a7b7147fea63d77368c73cef205eb75d16ef209a246b05698358a28fd16e502.elf

[/tmp/6a7b7147fea63d77368c73cef205eb75d16ef209a246b05698358a28fd16e502.elf]

Network

Country   Destination          Domain             Proto
US        1.1.1.1:53           mojobiden.com      udp
US        15.197.148.33:80     mojobiden.com      tcp
US        1.1.1.1:53           paymenthacks.com   udp

Files

/tmp/.DBFD055C-9CF2-4BB8-908E-6DA22321BF17

MD5 bf25b4d299ce95f2080acc5d231378f4
SHA1 cedfa4d596db7e5001a94d5705aa02813896003a
SHA256 5cd16be4700a8dc9e5fa233d8c4a2667f318f21c15d9b8c64791d5d15e9539d0
SHA512 3add29ccc16fa3db082d46bf8d4b782068a44405a0cfe07033be45d8932c22ded5d4616243d9510f0c3ea2d87980d3f23d3c778643357a59cfeafa9c2f82ccba

/tmp/main.log

MD5 61b24ddd77ef57516e7738e4998eb3dc
SHA1 569532db22f84c3e9054e76a3271097bb82773c1
SHA256 a31847afc45f56fabd921fe70bc8dd50e76ce845634696b8e3c34436304f6f10
SHA512 f8229ed9c48dc5c9b08fef7fb90bb8264ba7610f588189747fe39f752e18993b1792c180f3ba208cd49f7d9e079eb72b22bab6ef620dac58bc1b375eab3ee5c6