General
Target: eaac447d6ae733210a07b1f79e97eda017a442e721d8fafe618e2c789b18234b.bin.sample
Size: 79KB
Sample: 210920-pyr8bsebd8
MD5: c958e5710adefbc68f3e0719f48bcf87
SHA1: f50429c2e706f65fd3fb62968a74b391e5417e66
SHA256: eaac447d6ae733210a07b1f79e97eda017a442e721d8fafe618e2c789b18234b
SHA512: f5dbe5cc944d6dccbc085c5344e3a61f8945c838dcbfee0a0fbf69429946fed5db363da621835ffb54ee76eba938f7fd31c73b9a727ab2cf5c554b58bc09258d
Static task: static1
Behavioral task: behavioral1
  Sample: eaac447d6ae733210a07b1f79e97eda017a442e721d8fafe618e2c789b18234b.bin.sample.exe
  Resource: win7-en-20210916
Behavioral task: behavioral2
  Sample: eaac447d6ae733210a07b1f79e97eda017a442e721d8fafe618e2c789b18234b.bin.sample.exe
  Resource: win10-en
Malware Config
Extracted from: C:\SykSKioSK.README.txt
Family: blackmatter
URLs:
  http://blackmax7su6mbwtcyo3xwtpfxpm356jjqrs34y4crcytpw7mifuedyd.onion/7Fzi2ntSlp/1094de0bf2bc03ac2ac8dc79d118a785
  http://supp24yy6a66hwszu2piygicgwzdtbwftb76htfj7vnip3getgqnzxid.onion/9MDXJ6LXOUEK84ALNT
Targets
Target: eaac447d6ae733210a07b1f79e97eda017a442e721d8fafe618e2c789b18234b.bin.sample
Score: 10/10
Signatures:
- BlackMatter Ransomware
  The BlackMatter ransomware group claims to be the successor of DarkSide and REvil.
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Sets desktop wallpaper using registry
- Suspicious use of NtSetInformationThreadHideFromDebugger