General
Target: BlackMatterSample.rar
Size: 36KB
Sample: 210929-1n8ywagabm
MD5: 16dfe367a2a6e12636757b16de480d0f
SHA1: 4d4b4ac4e4bf89e298bba90d2f8f5b93fbc5798f
SHA256: b1891a5375198e262dfe6f83a89574e7aa438f41e2853d5d31e101bcec95cbf3
SHA512: 36a2d5a6b1d30f7409a9195633830a2f91cd228e1dc1e726ee38c5d3c720787301f438220cf430cca3f53e3628458b8bf112a17ff8824390ea5b31e56f7c7151
Static task: static1
Behavioral task: behavioral1
  Sample: BlackMatterSample/69e5f8287029bcc65354abefabb6854b4f7183735bd50b2da0624eb3ae252ea8.exe
  Resource: win7v20210408
Behavioral task: behavioral2
  Sample: BlackMatterSample/69e5f8287029bcc65354abefabb6854b4f7183735bd50b2da0624eb3ae252ea8.exe
  Resource: win10v20210408
Malware Config
Extracted
C:\1rWCqamCt.README.txt
blackmatter
http://supp24yy6a66hwszu2piygicgwzdtbwftb76htfj7vnip3getgqnzxid.onion/YX6RXMC65MRX8LLQ
Targets
Target: BlackMatterSample/69e5f8287029bcc65354abefabb6854b4f7183735bd50b2da0624eb3ae252ea8
Size: 82KB
MD5: 73ec7f773ed33070c979fce8027f4680
SHA1: d3eb98283502aeb85340267d1ba110390b77c436
SHA256: 69e5f8287029bcc65354abefabb6854b4f7183735bd50b2da0624eb3ae252ea8
SHA512: 6834caf307cd829dd394405985ade89afc41f6dbd53e6807b7af0a8ed8042a3d047f7a67c95bc4919793a20da34087815a35c494b7adcd85cae071be0b335e85
Score: 10/10
- BlackMatter Ransomware: the BlackMatter ransomware group claims to be the successor of Darkside and REvil.
- Modifies extensions of user files: ransomware generally changes the extension on encrypted files.
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Sets desktop wallpaper using registry
- Suspicious use of NtSetInformationThreadHideFromDebugger