blackmatter | e88479a6a059eb522d2fec40fe2e1a88

General

Target

e88479a6a059eb522d2fec40fe2e1a88
Size

80KB
MD5

e88479a6a059eb522d2fec40fe2e1a88
SHA1

4bea73917d60c7b09c3f74ca2b1c80f27492b15f
SHA256

ccee26ea662c87a6c3171b091044282849cc8d46d4b9b9da6cf429b8114c4239
SHA512

40e9533188e2b76e27e095c8141851fa7dcddf85ddd686494ada2a48978ea429e6f507a0504a545c79df7dfcdd516ce162e5893704018a4a23c4fd5ae7ad9bc8
SSDEEP

1536:unICS4A79p2qFTM2HT02F4mHI5mCTXOuZr:JpOqFQ2HT025HuTXN

Score

10^/10

58c572785e542f3750b57601df612fc4 blackmatter

Malware Config

Extracted

Family

blackmatter

Version

2.0

Botnet

58c572785e542f3750b57601df612fc4

Attributes

attempt_auth
false
create_mutex
false
encrypt_network_shares
true
exfiltrate
false
mount_volumes
true

rsa_pubkey.base64

aes.base64

Signatures

Blackmatter family
blackmatter

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e88479a6a059eb522d2fec40fe2e1a88

Files

e88479a6a059eb522d2fec40fe2e1a88
.exe windows:5 windows x86 arch:x86

31485670ea3fb2592f59a341251d0e8c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

GetPixel
SetTextColor
SetPixel
SetDCBrushColor
SelectObject
GetTextMetricsW
GetTextColor
GetTextCharset
BitBlt

user32

CreateDialogParamW
CreateMenu
CreateWindowExW
DefWindowProcW
GetDlgItemTextW
GetKeyNameTextW
IsDlgButtonChecked
LoadImageW
LoadMenuW

kernel32

GetFileAttributesW
SetLastError
LoadLibraryW
GetProcAddress
GetModuleHandleA
FreeLibrary
GetDateFormatW
GetCommandLineA
GetAtomNameW

Sections

.text
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

31485670ea3fb2592f59a341251d0e8c

Headers

DLL Characteristics

File Characteristics

Imports

gdi32

user32

kernel32

Sections

.text Size: 67KB - Virtual size: 66KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 4KB - Virtual size: 8KB

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 67KB - Virtual size: 66KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 4KB - Virtual size: 8KB

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 3KB - Virtual size: 3KB