General
Target: fe2b2beeff98cae90f58a5b2f01dab31eaa98d274757a7dd9f70f4dc8432a6e2.bin.sample
Size: 80KB
Sample: 211019-q9te7sfhf7
MD5: 83b5eed2bc3b182170fd40ec8b8f5867
SHA1: b4072bc41d10a822f0ca63094dd30eae6fa008a2
SHA256: fe2b2beeff98cae90f58a5b2f01dab31eaa98d274757a7dd9f70f4dc8432a6e2
SHA512: 0c108e05c59831ee963122e2e77df1eb6ed8e0fd96f3b33fd1d1719447099144601cc3e28338bf6929933e80b885e3329f322f1831ed313e0859258484d48e16
Static task: static1
Behavioral task: behavioral1
Sample: fe2b2beeff98cae90f58a5b2f01dab31eaa98d274757a7dd9f70f4dc8432a6e2.bin.sample.exe
Resource: win7-en-20210920
Behavioral task: behavioral2
Sample: fe2b2beeff98cae90f58a5b2f01dab31eaa98d274757a7dd9f70f4dc8432a6e2.bin.sample.exe
Resource: win10-en-20211014
Malware Config
Extracted from: C:\chkvc3MvG.README.txt
Family: blackmatter
URL: http://supp24yy6a66hwszu2piygicgwzdtbwftb76htfj7vnip3getgqnzxid.onion/5PRYG0PCO2OW528IDWU3VFPE
Targets
Target: fe2b2beeff98cae90f58a5b2f01dab31eaa98d274757a7dd9f70f4dc8432a6e2.bin.sample
Size: 80KB
MD5: 83b5eed2bc3b182170fd40ec8b8f5867
SHA1: b4072bc41d10a822f0ca63094dd30eae6fa008a2
SHA256: fe2b2beeff98cae90f58a5b2f01dab31eaa98d274757a7dd9f70f4dc8432a6e2
SHA512: 0c108e05c59831ee963122e2e77df1eb6ed8e0fd96f3b33fd1d1719447099144601cc3e28338bf6929933e80b885e3329f933e80b885e3329f322f1831ed313e0859258484d48e16
Score: 10/10
BlackMatter Ransomware
The BlackMatter ransomware group claims to be the successor of DarkSide and REvil.
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
Sets desktop wallpaper using registry
Suspicious use of NtSetInformationThreadHideFromDebugger