General
-
Target
9bae897c19f237c22b6bdc024df27455e739be24bed07ef0d409f2df87eeda58.zip
-
Size
55KB
-
MD5
e816eab637b66ad7f4e85876434a9cc5
-
SHA1
b649040a311cfff0fe8d021845fc6376ae6b5040
-
SHA256
0bdce4d960e8b9537fbdcb4a70838be86163f355ba9f4344fd4982536924f27e
-
SHA512
1dab157df998aa82628c1a92594c7c9bd4f6ec5da7dd20b927844626cf9ad69019625165b00a6db68de0a6096ae0e52b2d75fb113375819063b690f5172ab75b
-
SSDEEP
1536:rS36U/nQk+TgIDNgCN3og3LzcX0wUDcInxw:SPQ3Tgfg3LAkwQcInxw
Score
10/10
Malware Config
Extracted
Family
blackmatter
Version
3.0
Botnet
4e591a315c54e8800dae714320555fa5
Credentials
- Username:
[email protected] - Password:
yhU6VJ$&
- Username:
[email protected] - Password:
RPo@ndf9
- Username:
[email protected] - Password:
DH5U87@rA0ELa2
C2
https://fluentzip.org
http://fluentzip.org
Attributes
-
attempt_auth
true
-
create_mutex
true
-
encrypt_network_shares
true
-
exfiltrate
true
-
mount_volumes
true
rsa_pubkey.base64
aes.base64
Signatures
-
Blackmatter family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
9bae897c19f237c22b6bdc024df27455e739be24bed07ef0d409f2df87eeda58.zip
Password: infected
-
9bae897c19f237c22b6bdc024df27455e739be24bed07ef0d409f2df87eeda58.exe
b5f7572a69026027aaf438fad3024477
Headers
Imports
Sections