Resubmissions

30-01-2024 15:55

240130-tcqvlaagbq 10

29-01-2024 23:52

240129-3wytzsegen 10

29-01-2024 23:50

240129-3vl4ssdca6 10

General

  • Target

    Windows.Encryptor.bin

  • Size

    66KB

  • MD5

    ba375d0625001102fc1f2ccb6f582d91

  • SHA1

    379ebd1eff6f8685f4ff72657626bf6df5383d87

  • SHA256

    c6e2ef30a86baa670590bd21acf5b91822117e0cbe6060060bc5fe0182dace99

  • SHA512

    795b10a638e289729192de6a6d9964b5ad3b8084f84d58da077ca8ec08c8b8cb1acadb5240962d4ccacf66242bab1430923fc77bdbbfacd0badd64df2ba1487f

  • SSDEEP

    1536:HzICS4AT6GxdEe+TOdincJXvKvWLBjkl:4R7auJXSOhC

Malware Config

Extracted

Family

blackmatter

Version

1.2

Botnet

bab21ee475b52c0c9eb47d23ec9ba1d1

C2

https://paymenthacks.com

http://paymenthacks.com

https://mojobiden.com

http://mojobiden.com

Attributes

  • attempt_auth

    false

  • create_mutex

    true

  • encrypt_network_shares

    true

  • exfiltrate

    true

  • mount_volumes

    true

rsa_pubkey.base64
aes.base64

Signatures

  • Blackmatter family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • Windows.Encryptor.bin
    .exe windows:5 windows x86 arch:x86

    Password: infected

    c94b1566bf307396953c849ef18f9857