General
-
Target
6601547044782080.zip
-
Size
44KB
-
Sample
211013-ywad6sfagm
-
MD5
c00dd7206db94bf3825145d5d901b3b0
-
SHA1
6befec1a22035d1842e1d826ebce739b4f3d9e39
-
SHA256
6e846881115448d5d4b69bf020fcd5872a0efef56e582f6ac8e3e80ea79b7a55
-
SHA512
27806babe49896fc12667e2cadbf74ba4d312cb985a3d8c9b61225d1c121682abf7de705b28f914b507cd9a304fd58cf272cc82c6e930774404731f9f7109088
Static task
static1
Behavioral task
behavioral1
Sample
730f2d6243055c786d737bae0665267b962c64f57132e9ab401d6e7625c3d0a4.exe
Resource
win7v20210408
Behavioral task
behavioral2
Sample
730f2d6243055c786d737bae0665267b962c64f57132e9ab401d6e7625c3d0a4.exe
Resource
win10-en-20210920
Malware Config
Extracted
C:\1rWCqamCt.README.txt
blackmatter
http://supp24maprinktc7uizgfyqhisx7lkszb6ogh6lwdzpac23w3mh4tvyd.onion/S2A4H6RGPHHLU1IJRLNTN
Targets
-
-
Target
730f2d6243055c786d737bae0665267b962c64f57132e9ab401d6e7625c3d0a4
-
Size
80KB
-
MD5
5fe6daa399b18058f9b7e58fe31b4131
-
SHA1
1ed39024b03b3490049b4d6f2577ca36e18b405a
-
SHA256
730f2d6243055c786d737bae0665267b962c64f57132e9ab401d6e7625c3d0a4
-
SHA512
31baf91130c7e932068e12fec6dfde7ad283487b9f01b92e64835cf91aba1c4f51602066994a8200b73d219e6ea82929cde1f11ca82fb2a48af90418e57e324c
Score10/10-
BlackMatter Ransomware
BlackMatter ransomware group claims to be Darkside and REvil succesor.
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Sets desktop wallpaper using registry
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-