blackmatter | 10aa058a3ac49e016cad7987b8e09886

General

Target

10aa058a3ac49e016cad7987b8e09886
Size

71KB
MD5

10aa058a3ac49e016cad7987b8e09886
SHA1

cca6682330a819592c3b1ea0448ceb4e141593dc
SHA256

6d4712df42ad0982041ef0e2e109ab5718b43830f2966bd9207a7fac3af883db
SHA512

f115fb62b1ca5e18f6340d42ff4393e2b175917312ae1cc14e7a6a9322cf8adaf22457bc8213e2baafdc2cb19d5db1e5a9c003155cbf142d5a08604495e22f6e
SSDEEP

768:VjjjjjjjjjDahoICS4AIbxCJhjZeO3r825CiqxLbMnkHYnvizKktsLFYXg/ripMX:NICS4AgxwhjEO3r825exqkHYnKevTiO

Score

10^/10

32bd08ad5e5e881aa2634621d611a1a5 blackmatter

Malware Config

Extracted

Family

blackmatter

Version

1.6

Botnet

32bd08ad5e5e881aa2634621d611a1a5

Credentials

Username:
[email protected]
Password:
@iep.2013

C2

https://mojobiden.com

http://mojobiden.com

Attributes

attempt_auth
true
create_mutex
false
encrypt_network_shares
true
exfiltrate
true
mount_volumes
true

rsa_pubkey.base64

aes.base64

Signatures

Blackmatter family
blackmatter

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
10aa058a3ac49e016cad7987b8e09886

Files

10aa058a3ac49e016cad7987b8e09886
.exe windows:5 windows x86 arch:x86

96c0c982709316e2c58b11a3c2b057ce

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

TextOutW
SetDCBrushColor
GetTextMetricsW
GetDeviceCaps

user32

CreateMenu
DialogBoxParamW
GetDlgItem
GetDlgItemTextW
GetWindowTextW
LoadImageW
LoadMenuW

kernel32

SetLastError
GetProcAddress
GetLastError
GetCommandLineW

Sections

.text
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 764B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

96c0c982709316e2c58b11a3c2b057ce

Headers

DLL Characteristics

File Characteristics

Imports

gdi32

user32

kernel32

Sections

.text Size: 59KB - Virtual size: 59KB

.rdata Size: 1024B - Virtual size: 764B

.data Size: 4KB - Virtual size: 5KB

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 59KB - Virtual size: 59KB

.rdata
Size: 1024B - Virtual size: 764B

.data
Size: 4KB - Virtual size: 5KB

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 2KB - Virtual size: 2KB