General
-
Target
6d4712df42ad0982041ef0e2e109ab5718b43830f2966bd9207a7fac3af883db
-
Size
71KB
-
Sample
210825-dx5ygg43dx
-
MD5
10aa058a3ac49e016cad7987b8e09886
-
SHA1
cca6682330a819592c3b1ea0448ceb4e141593dc
-
SHA256
6d4712df42ad0982041ef0e2e109ab5718b43830f2966bd9207a7fac3af883db
-
SHA512
f115fb62b1ca5e18f6340d42ff4393e2b175917312ae1cc14e7a6a9322cf8adaf22457bc8213e2baafdc2cb19d5db1e5a9c003155cbf142d5a08604495e22f6e
Static task
static1
Behavioral task
behavioral1
Sample
6d4712df42ad0982041ef0e2e109ab5718b43830f2966bd9207a7fac3af883db.exe
Resource
win7v20210408
Behavioral task
behavioral2
Sample
6d4712df42ad0982041ef0e2e109ab5718b43830f2966bd9207a7fac3af883db.exe
Resource
win10v20210408
Malware Config
Extracted
blackmatter
1.6
32bd08ad5e5e881aa2634621d611a1a5
Protocol: smtp- Port:
587 - Username:
[email protected] - Password:
@iep.2013
https://mojobiden.com
http://mojobiden.com
-
attempt_auth
true
-
create_mutex
false
-
encrypt_network_shares
true
-
exfiltrate
true
-
mount_volumes
true
Extracted
C:\1rWCqamCt.README.txt
blackmatter
http://supp24maprinktc7uizgfyqhisx7lkszb6ogh6lwdzpac23w3mh4tvyd.onion/OYPF561W4U8HVA0NLVCKJCZB
Targets
-
-
Target
6d4712df42ad0982041ef0e2e109ab5718b43830f2966bd9207a7fac3af883db
-
Size
71KB
-
MD5
10aa058a3ac49e016cad7987b8e09886
-
SHA1
cca6682330a819592c3b1ea0448ceb4e141593dc
-
SHA256
6d4712df42ad0982041ef0e2e109ab5718b43830f2966bd9207a7fac3af883db
-
SHA512
f115fb62b1ca5e18f6340d42ff4393e2b175917312ae1cc14e7a6a9322cf8adaf22457bc8213e2baafdc2cb19d5db1e5a9c003155cbf142d5a08604495e22f6e
Score10/10-
BlackMatter Ransomware
BlackMatter ransomware group claims to be Darkside and REvil succesor.
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Sets desktop wallpaper using registry
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-