blackmatter | 3317daace715dc332622d883091cf68b | Triage

Sharing

General

Target

3317daace715dc332622d883091cf68b
Size

72KB
MD5

3317daace715dc332622d883091cf68b
SHA1

02fa74523198ebc1db490bdc6f10a78a44c4e28b
SHA256

e4fd947a781611c85ea2e5afa51b186de7f351026c28eb067ad70028acd72cda
SHA512

2739769ddd079b6555ebb84204f46bf94317ef5351734bd2aad74b1ad53738f92e3e278ea74b22f9b17db2219e01c963e694e6e1aec52a6089eaba394ef331b2
SSDEEP

1536:BICS4AgxwhjEO3r825exqkHYnKeGsXqsMt:q2SN3mxYnKr

Score

10^/10

0c6ca0532355a106258791f50b66c153 blackmatter

Malware Config

Extracted

Family

blackmatter

Version

1.6

Botnet

0c6ca0532355a106258791f50b66c153

Attributes

attempt_auth
false
create_mutex
false
encrypt_network_shares
true
exfiltrate
false
mount_volumes
true

rsa_pubkey.base64

aes.base64

Signatures

Blackmatter family
blackmatter
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

3317daace715dc332622d883091cf68b

Files

3317daace715dc332622d883091cf68b
.exe windows:5 windows x86 arch:x86

96c0c982709316e2c58b11a3c2b057ce

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

TextOutW
SetDCBrushColor
GetTextMetricsW
GetDeviceCaps

user32

CreateMenu
DialogBoxParamW
GetDlgItem
GetDlgItemTextW
GetWindowTextW
LoadImageW
LoadMenuW

kernel32

SetLastError
GetProcAddress
GetLastError
GetCommandLineW

Sections

.text
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 764B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ