blackmatter | 83b5eed2bc3b182170fd40ec8b8f5867_JaffaCakes118

General

Target

83b5eed2bc3b182170fd40ec8b8f5867_JaffaCakes118
Size

80KB
MD5

83b5eed2bc3b182170fd40ec8b8f5867
SHA1

b4072bc41d10a822f0ca63094dd30eae6fa008a2
SHA256

fe2b2beeff98cae90f58a5b2f01dab31eaa98d274757a7dd9f70f4dc8432a6e2
SHA512

0c108e05c59831ee963122e2e77df1eb6ed8e0fd96f3b33fd1d1719447099144601cc3e28338bf6929933e80b885e3329f322f1831ed313e0859258484d48e16
SSDEEP

1536:nnICS4A79p2qFTM2HT02F4mHI5mF7O3p6R9:0pOqFQ2HT025HI56

Score

10^/10

d0e84579a05c8e92e95eee8f5d0000e5 blackmatter

Malware Config

Extracted

Family

blackmatter

Version

2.0

Botnet

d0e84579a05c8e92e95eee8f5d0000e5

Credentials

Username:
[email protected]
Password:
Mouseman02

C2

https://fluentzip.org

http://fluentzip.org

Attributes

attempt_auth
true
create_mutex
true
encrypt_network_shares
true
exfiltrate
true
mount_volumes
true

rsa_pubkey.base64

aes.base64

Signatures

Blackmatter family
blackmatter

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
83b5eed2bc3b182170fd40ec8b8f5867_JaffaCakes118

Files

83b5eed2bc3b182170fd40ec8b8f5867_JaffaCakes118
.exe windows:5 windows x86 arch:x86

31485670ea3fb2592f59a341251d0e8c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

GetPixel
SetTextColor
SetPixel
SetDCBrushColor
SelectObject
GetTextMetricsW
GetTextColor
GetTextCharset
BitBlt

user32

CreateDialogParamW
CreateMenu
CreateWindowExW
DefWindowProcW
GetDlgItemTextW
GetKeyNameTextW
IsDlgButtonChecked
LoadImageW
LoadMenuW

kernel32

GetFileAttributesW
SetLastError
LoadLibraryW
GetProcAddress
GetModuleHandleA
FreeLibrary
GetDateFormatW
GetCommandLineA
GetAtomNameW

Sections

.text
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

31485670ea3fb2592f59a341251d0e8c

Headers

DLL Characteristics

File Characteristics

Imports

gdi32

user32

kernel32

Sections

.text Size: 67KB - Virtual size: 66KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 4KB - Virtual size: 8KB

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 67KB - Virtual size: 66KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 4KB - Virtual size: 8KB

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 3KB - Virtual size: 3KB