blackmatter | 1dd464cbb3fbd6881eef3f05b8b1fbd5

General

Target

1dd464cbb3fbd6881eef3f05b8b1fbd5
Size

72KB
MD5

1dd464cbb3fbd6881eef3f05b8b1fbd5
SHA1

cafd8d20f2abaebbbfc367b4b4512107362f3758
SHA256

b824bbc645f15e213b4cb2628f7d383e9e37282059b03f6fe60f7c84ea1fed1f
SHA512

1564fffe28c2b7c2b18c35d68e3e254106620b2c3b7b5f41b95cfbb3a2cf0d9c42616d670b4060d09129ff18f0148c03e00bbd205f9d10697b265109a43d053c
SSDEEP

1536:yICS4AgxwhjEO3r825exqkHYnKeGsXqsMt:R2SN3mxYnKr

Score

10^/10

0c6ca0532355a106258791f50b66c153 blackmatter

Malware Config

Extracted

Family

blackmatter

Version

1.6

Botnet

0c6ca0532355a106258791f50b66c153

Attributes

attempt_auth
false
create_mutex
false
encrypt_network_shares
true
exfiltrate
false
mount_volumes
true

rsa_pubkey.base64

aes.base64

Signatures

Blackmatter family
blackmatter

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1dd464cbb3fbd6881eef3f05b8b1fbd5

Files

1dd464cbb3fbd6881eef3f05b8b1fbd5
.exe windows:5 windows x86 arch:x86

96c0c982709316e2c58b11a3c2b057ce

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

TextOutW
SetDCBrushColor
GetTextMetricsW
GetDeviceCaps

user32

CreateMenu
DialogBoxParamW
GetDlgItem
GetDlgItemTextW
GetWindowTextW
LoadImageW
LoadMenuW

kernel32

SetLastError
GetProcAddress
GetLastError
GetCommandLineW

Sections

.text
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 764B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

96c0c982709316e2c58b11a3c2b057ce

Headers

DLL Characteristics

File Characteristics

Imports

gdi32

user32

kernel32

Sections

.text Size: 59KB - Virtual size: 59KB

.rdata Size: 1024B - Virtual size: 764B

.data Size: 4KB - Virtual size: 5KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 59KB - Virtual size: 59KB

.rdata
Size: 1024B - Virtual size: 764B

.data
Size: 4KB - Virtual size: 5KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 2KB - Virtual size: 2KB