matrix | ef03ec9954d9643d8d65afc0ace38dae463f1a626584455245f1f733b4991f4a

General

Target

ef03ec9954d9643d8d65afc0ace38dae463f1a626584455245f1f733b4991f4a
Size

1.2MB
Sample

201008-yhnf4sv9cn
MD5

0e527383dc50b48d63183e1176c4d79e
SHA1

c1437130dd774db14dd16c45771e7e1a484d5ee5
SHA256

ef03ec9954d9643d8d65afc0ace38dae463f1a626584455245f1f733b4991f4a
SHA512

58a3edde62268c34b2577530b520559c8c8f4f085210703c59c75442b9162e396ea38973302afc3e54d6d546ccd7b246650b4e9aef137d7b7787ab3354aec457

Score

10^/10

Malware Config

Targets

- Target
  
  ef03ec9954d9643d8d65afc0ace38dae463f1a626584455245f1f733b4991f4a
- Size
  
  1.2MB
- MD5
  
  0e527383dc50b48d63183e1176c4d79e
- SHA1
  
  c1437130dd774db14dd16c45771e7e1a484d5ee5
- SHA256
  
  ef03ec9954d9643d8d65afc0ace38dae463f1a626584455245f1f733b4991f4a
- SHA512
  
  58a3edde62268c34b2577530b520559c8c8f4f085210703c59c75442b9162e396ea38973302afc3e54d6d546ccd7b246650b4e9aef137d7b7787ab3354aec457
Score

10^/10

matrix discovery evasion persistence ransomware spyware upx
- Matrix Ransomware
  Targeted ransomware with information collection and encryption functionality.
  ransomware matrix
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Modifies boot configuration data using bcdedit
  ransomware evasion
- Drops file in Drivers directory
- Executes dropped EXE
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Sets service image path in registry
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Modifies file permissions
  discovery
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2