Resubmissions

26-01-2024 12:53

240126-p4mvssfdhn 10

General

  • Target

    3a7265305386f955adbeb6bd7c711f03395963ac36be82e5bb6b1d7b2034c859.exe

  • Size

    113KB

  • Sample

    240414-pknyrabe31

  • MD5

    8ec61d16929bead775917210565d5270

  • SHA1

    471389556e47d43f54c559ce87bc4e24183efd3a

  • SHA256

    31037bf5c4950c7ff153b0165da0e48d67535a5b76fae73f56c74b7fbb650567

  • SHA512

    425629bb14368425ecfb6347a717d1fbd90a184906deb9512ea992ebf32eb32450c11b427d367e83ba46ed20a6f9adba66fc8451830290f8d3a4e22236e927c3

  • SSDEEP

    1536:9zICS4AT6GxdEe+TOdincJXvKvtZgZM2HT02F4mHI5PsOqy:uR7auJXS1Zgu2HT025Hs

Malware Config

Extracted

Family

blackmatter

Version

1.2

Botnet

512478c08dada2af19e49808fbda5b0b

C2

https://paymenthacks.com

http://paymenthacks.com

https://mojobiden.com

http://mojobiden.com

Attributes
  • attempt_auth

    true

  • create_mutex

    true

  • encrypt_network_shares

    true

  • exfiltrate

    true

  • mount_volumes

    true

rsa_pubkey.base64
aes.base64

Targets

    Score
    7/10
    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15