General
Target: 520bd9ed608c668810971dbd51184c6a29819674280b018dc4027bc38fc42e57
Size: 78KB
Sample: 210818-plt6eyj47e
MD5: 50c4970003a84cab1bf2634631fe39d7
SHA1: 721a749cbd6afcd765e07902c17d5ab949b04e4a
SHA256: 520bd9ed608c668810971dbd51184c6a29819674280b018dc4027bc38fc42e57
SHA512: fb210c92f7d1be9f9361b11dffd30fac78eeaadabf844a78a7dad00169f994d089c1cf4a037d6a1b82fddf35a6bfa34b8cbf216ce1786f407dfc015c72533504
Static task: static1
Behavioral task: behavioral1
Sample: 520bd9ed608c668810971dbd51184c6a29819674280b018dc4027bc38fc42e57.exe
Resource: win7v20210410
Behavioral task: behavioral2
Sample: 520bd9ed608c668810971dbd51184c6a29819674280b018dc4027bc38fc42e57.exe
Resource: win10v20210408
Malware Config
Extracted
Family: blackmatter
Version: 2.0
Identifier (unlabeled in the report): 24483508bccfe72e63b26a1233058170
C2 URLs: https://mojobiden.com, http://mojobiden.com
attempt_auth: false
create_mutex: true
encrypt_network_shares: true
exfiltrate: true
mount_volumes: true
Extracted
Ransom note: C:\tgln8vJnC.README.txt
Family: blackmatter
URL in note: http://supp24yy6a66hwszu2piygicgwzdtbwftb76htfj7vnip3getgqnzxid.onion/0JOA98TDMXLHJ77VDOO
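Added example, not part of the sandbox report: the Python below parses the raw flattened "Malware Config" text exactly as the sandbox exports it (family, version, identifier and URLs as bare lines, each boolean flag as a dash-separated name/value pair) into a structured record, then derives the hosts a responder would block and the per-victim file extension to hunt for. The embedded input is that section copied verbatim. The extension derivation assumes the BlackMatter convention of naming the note <appended extension>.README.txt; the report itself does not state that convention.

```python
"""Parse the flattened sandbox 'Malware Config' text into structured IOCs."""
import ntpath
import re
from urllib.parse import urlsplit

# Input: the Malware Config section copied verbatim from the report above
# (raw string so the Windows path keeps its backslash).
REPORT_CONFIG = r"""
Malware Config
Extracted
blackmatter
2.0
24483508bccfe72e63b26a1233058170
https://mojobiden.com
http://mojobiden.com
-
attempt_auth
false
-
create_mutex
true
-
encrypt_network_shares
true
-
exfiltrate
true
-
mount_volumes
true
Extracted
C:\tgln8vJnC.README.txt
blackmatter
http://supp24yy6a66hwszu2piygicgwzdtbwftb76htfj7vnip3getgqnzxid.onion/0JOA98TDMXLHJ77VDOO
"""

URL_RE = re.compile(r"^https?://\S+$")
HEX32_RE = re.compile(r"^[0-9a-f]{32}$")
VERSION_RE = re.compile(r"^\d+(\.\d+)+$")
WIN_PATH_RE = re.compile(r"^[A-Za-z]:\\")
# Assumed BlackMatter convention: the note is named <appended extension>.README.txt
NOTE_RE = re.compile(r"^([A-Za-z0-9]+)\.README\.txt$", re.IGNORECASE)


def _to_bool(token):
    if token not in ("true", "false"):
        raise ValueError(f"expected true/false, got {token!r}")
    return token == "true"


def parse_config(text):
    """Turn the dash-separated key/value dump into a dict.

    A '-' line introduces a two-line pair (flag name, true/false); every other
    line is classified by shape: URL, Windows path, 32-hex identifier, version,
    or the lowercase family name (taken once, so the repeat is ignored).
    """
    cfg = {"family": None, "version": None, "identifier": None,
           "c2_urls": [], "onion_urls": [], "flags": {}, "ransom_note_path": None}
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    i = 0
    while i < len(lines):
        ln = lines[i]
        if ln == "-":
            cfg["flags"][lines[i + 1]] = _to_bool(lines[i + 2])
            i += 3
            continue
        if URL_RE.match(ln):
            key = "onion_urls" if urlsplit(ln).hostname.endswith(".onion") else "c2_urls"
            cfg[key].append(ln)
        elif WIN_PATH_RE.match(ln):
            cfg["ransom_note_path"] = ln
        elif HEX32_RE.match(ln):
            cfg["identifier"] = ln          # unlabeled in the report; kept as-is
        elif VERSION_RE.match(ln):
            cfg["version"] = ln
        elif ln.isalpha() and ln.islower() and cfg["family"] is None:
            cfg["family"] = ln
        i += 1
    return cfg


def network_hosts(cfg):
    """Hostnames to block or hunt for: clearnet C2 plus the Tor negotiation host."""
    return {urlsplit(u).hostname for u in cfg["c2_urls"] + cfg["onion_urls"]}


def appended_extension(cfg):
    """Derive the per-victim extension from the note name (assumed naming convention)."""
    name = ntpath.basename(cfg["ransom_note_path"])
    m = NOTE_RE.match(name)
    return m.group(1) if m else None
```

The parser classifies lines by shape rather than by position, so it tolerates the extra "Extracted" block and the repeated family name; the unlabeled 32-character value is carried through without guessing what it is.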
Targets
Target: 520bd9ed608c668810971dbd51184c6a29819674280b018dc4027bc38fc42e57
Size: 78KB
MD5, SHA1, SHA256, SHA512: as listed under General above
Score: 10/10
BlackMatter Ransomware: family match. The BlackMatter group claims to be the successor of DarkSide and REvil.
Modifies extensions of user files: ransomware generally changes the extension of the files it has encrypted.
Enumerates connected drives: attempts to read the root path of drives other than the default C: drive, in line with the mount_volumes and encrypt_network_shares flags set in the extracted config.
Sets desktop wallpaper using registry: rewrites the Wallpaper value under HKCU\Control Panel\Desktop so the ransom message is shown as the desktop background.
Suspicious use of NtSetInformationThreadHideFromDebugger: calls NtSetInformationThread with the ThreadHideFromDebugger information class, which stops the thread from delivering debug events to an attached debugger; an anti-analysis technique.
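Added example, not part of the sandbox report: two detections for behaviours listed above, the wallpaper change via the registry and the dropping of the ransom note whose name the report extracted, run over constructed Sysmon-style records. Event IDs 13 (RegistryEvent, value set) and 11 (FileCreate) and the field names Image, TargetObject, Details and TargetFilename are Sysmon's own; the SID, user name, the process name invoice.exe, the allowlist, the directory threshold and the time window are assumptions to tune per environment.

```python
"""Detections for two behaviours flagged in the report, over constructed Sysmon-style events."""
import ntpath
import re
from collections import defaultdict
from datetime import datetime

MALICIOUS = r"C:\Users\alice\Downloads\invoice.exe"   # invented process name
WALLPAPER_VALUE = r"HKU\S-1-5-21-1111-2222-3333-1001\Control Panel\Desktop\Wallpaper"  # invented SID

# Constructed telemetry in Sysmon's field layout: EventID 13 = RegistryEvent (Value Set),
# EventID 11 = FileCreate. Only the note name tgln8vJnC.README.txt comes from the report.
EVENTS = [
    # benign: the shell changing the wallpaper
    {"EventID": 13, "UtcTime": "2021-08-18 10:00:01.004", "Image": r"C:\Windows\explorer.exe",
     "TargetObject": WALLPAPER_VALUE, "Details": r"C:\Users\alice\Pictures\beach.jpg"},
    # suspicious: an unknown binary rewriting the same value
    {"EventID": 13, "UtcTime": "2021-08-18 10:05:30.517", "Image": MALICIOUS,
     "TargetObject": WALLPAPER_VALUE, "Details": r"C:\ProgramData\tgln8vJnC.bmp"},
    # benign: an ordinary README.txt carries no marker prefix
    {"EventID": 11, "UtcTime": "2021-08-18 10:05:00.000", "Image": r"C:\Program Files\Git\cmd\git.exe",
     "TargetFilename": r"C:\src\tool\README.txt"},
] + [
    # suspicious: the same note name appearing in one directory after another
    {"EventID": 11, "UtcTime": f"2021-08-18 10:05:{sec:02d}.000", "Image": MALICIOUS,
     "TargetFilename": ntpath.join(directory, "tgln8vJnC.README.txt")}
    for sec, directory in [
        (2, "C:\\"), (4, r"C:\Users\alice\Documents"), (7, r"C:\Users\alice\Desktop"),
        (11, r"C:\Users\alice\Pictures"), (15, r"D:\Finance"), (20, r"\\fileserver\share\Payroll"),
    ]
]

WALLPAPER_KEY_RE = re.compile(r"\\Control Panel\\Desktop\\Wallpaper$", re.IGNORECASE)
WALLPAPER_ALLOWLIST = {"explorer.exe", "systemsettings.exe"}   # assumed; tune per estate
NOTE_RE = re.compile(r"^([A-Za-z0-9]{6,12})\.README\.txt$", re.IGNORECASE)
NOTE_MIN_DIRS = 5       # assumed threshold: distinct directories per process
NOTE_WINDOW_SEC = 300   # assumed window


def _ts(ev):
    return datetime.strptime(ev["UtcTime"], "%Y-%m-%d %H:%M:%S.%f")


def detect_wallpaper_tamper(events):
    """Wallpaper registry value rewritten by a process outside the allowlist."""
    alerts = []
    for ev in events:
        if ev["EventID"] != 13 or not WALLPAPER_KEY_RE.search(ev["TargetObject"]):
            continue
        if ntpath.basename(ev["Image"]).lower() in WALLPAPER_ALLOWLIST:
            continue
        alerts.append({"rule": "wallpaper_set_by_unexpected_process",
                       "image": ev["Image"], "details": ev["Details"]})
    return alerts


def detect_ransom_note_spray(events, min_dirs=NOTE_MIN_DIRS, window_sec=NOTE_WINDOW_SEC):
    """Same <marker>.README.txt created in >= min_dirs directories by one process within window_sec."""
    groups = defaultdict(list)   # (image, marker) -> [(timestamp, directory), ...]
    for ev in events:
        if ev["EventID"] != 11:
            continue
        directory, name = ntpath.split(ev["TargetFilename"])
        m = NOTE_RE.match(name)
        if m:
            groups[(ev["Image"], m.group(1))].append((_ts(ev), directory))
    alerts = []
    for (image, marker), hits in groups.items():
        hits.sort()
        for i, (start, _) in enumerate(hits):   # sliding window over the sorted hits
            dirs = {d for t, d in hits[i:] if (t - start).total_seconds() <= window_sec}
            if len(dirs) >= min_dirs:
                alerts.append({"rule": "ransom_note_spray", "image": image,
                               "marker": marker, "directories": len(dirs)})
                break
    return alerts


def run_detections(events):
    return detect_wallpaper_tamper(events) + detect_ransom_note_spray(events)
```

Sysmon has no rename event, so the "Modifies extensions of user files" behaviour is not visible in this telemetry; the note spray is the nearest file-system signal, since a note is written into each directory the sample processes, and the wallpaper rule catches the registry write regardless of which image path the sample drops.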