matrix | 9a58fcb6bf71775f7a5f833ea3780cdb67c421def1ff1851adc2061d366e0fdc

General

Target

NWDEiUim.exe
Size

707KB
Sample

210529-fnqr6q6y4n
MD5

a547e8aca98f3566ebd0f48ef2137d71
SHA1

24716beac8d9f8a46331bbe7c1286e727ad4b1be
SHA256

9a58fcb6bf71775f7a5f833ea3780cdb67c421def1ff1851adc2061d366e0fdc
SHA512

bcb590393d88d1481843f03e76f9fdaed30c940493ce854d06c7b67408846be5fa695b8bea6d41d984369ef6a6ee3180ba6fba4cb430587e0f00e61efbac56bf

Score

10^/10

Malware Config

Targets

- Target
  
  NWDEiUim.exe
- Size
  
  707KB
- MD5
  
  a547e8aca98f3566ebd0f48ef2137d71
- SHA1
  
  24716beac8d9f8a46331bbe7c1286e727ad4b1be
- SHA256
  
  9a58fcb6bf71775f7a5f833ea3780cdb67c421def1ff1851adc2061d366e0fdc
- SHA512
  
  bcb590393d88d1481843f03e76f9fdaed30c940493ce854d06c7b67408846be5fa695b8bea6d41d984369ef6a6ee3180ba6fba4cb430587e0f00e61efbac56bf
Score

10^/10

matrix discovery evasion persistence ransomware spyware stealer upx
- Matrix Ransomware
  Targeted ransomware with information collection and encryption functionality.
  ransomware matrix
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Modifies boot configuration data using bcdedit
  ransomware evasion
- Drops file in Drivers directory
- Executes dropped EXE
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Sets service image path in registry
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Modifies file permissions
  discovery
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2