General
Target: 1eea3cbd729d4493c0c0a84efe6840abf1760efe221dc971d32ca5017b5c19c2.bin.sample
Size: 81KB
Sample: 210921-qj8gfahfb5
MD5: 5a8491587ab0f96ba141ae59365bc911
SHA1: 1ab2fac4f2dc92893a9f89fc6621f66bd47cb783
SHA256: 1eea3cbd729d4493c0c0a84efe6840abf1760efe221dc971d32ca5017b5c19c2
SHA512: 97e760f60e4db99983d05db69776058cf2f2c5ab98adea76000001a94a24f3b23feee4464baa23cf49dfa017e331c3b8b19c9da5b696f961f63cd65fc864c5c7
Static task: static1
Behavioral task: behavioral1
  Sample: 1eea3cbd729d4493c0c0a84efe6840abf1760efe221dc971d32ca5017b5c19c2.bin.sample.exe
  Resource: win7v20210408
Behavioral task: behavioral2
  Sample: 1eea3cbd729d4493c0c0a84efe6840abf1760efe221dc971d32ca5017b5c19c2.bin.sample.exe
  Resource: win10-en-20210920
Malware Config
Extracted
blackmatter
2.0
04bdf8557fa74ea0e3adbd2975efd274
mepocs
memtas
veeam
svc$
backup
sql
vss
msexchange
attempt_auth: true
create_mutex: true
encrypt_network_shares: true
exfiltrate: true
mount_volumes: true
Extracted
C:\1rWCqamCt.README.txt
blackmatter
http://supp24yy6a66hwszu2piygicgwzdtbwftb76htfj7vnip3getgqnzxid.onion/A9K0IM6DK7ILWAV908R3
Targets
Target: 1eea3cbd729d4493c0c0a84efe6840abf1760efe221dc971d32ca5017b5c19c2.bin.sample
Size: 81KB
Score: 10/10
BlackMatter Ransomware
The BlackMatter ransomware group claims to be the successor of Darkside and REvil.
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
Sets desktop wallpaper using registry
Suspicious use of NtSetInformationThreadHideFromDebugger
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion: Modify Registry (1)
Discovery: Query Registry (1), System Information Discovery (2), Peripheral Device Discovery (1)
Execution
Exfiltration
Impact: Defacement (1)
Initial Access
Lateral Movement
Persistence
Privilege Escalation