General
Target: 5374639699296256.zip.zip
Size: 44KB
Sample: 211019-wc12nsgcb9
MD5: 8484dcf08e7ae91e153eb129c580c0c3
SHA1: cf9fbe3120be1c5881a169fcf171c36581a00a63
SHA256: a5cdca5a8120b5532f6de3395b9b6d411ad9234b857ce17bb3cc5747be6a7dd2
SHA512: 3a763042d4a3955157e6f4b8594ccd4086cf359c543c37758627b46c1be24b519796e25f3388fe6a444bdbc39676bb9e34766ebb9c68cf136ab274580f2dcb56

Static task: static1

Behavioral task: behavioral1
Sample: 2aad85dbd4c79bd21c6218892552d5c9fb216293a251559ba59d45d56a01437c.exe
Resource: win10-en-20211014

Malware Config
Extracted from: C:\WRLMMTHME.README.txt
Family: blackmatter
URL: http://supp24maprinktc7uizgfyqhisx7lkszb6ogh6lwdzpac23w3mh4tvyd.onion/EWX33VYY3IGOXSG5ZZ2

Targets
Target: 2aad85dbd4c79bd21c6218892552d5c9fb216293a251559ba59d45d56a01437c
Size: 80KB
MD5: 5c66cd4f21254f83663819138e634dd9
SHA1: 6626cae85970e6490b8b0bf9da9aa4b57a79bb62
SHA256: 2aad85dbd4c79bd21c6218892552d5c9fb216293a251559ba59d45d56a01437c
SHA512: 093e1fb491d73ee240f1b0084bda233ef272618b56e61ed8602a57dec7b241b3f80a4a1749ff46d141399e71dd6127c9a8893c9d8d24c6aa48b0479a7ab42a2a
Score: 10/10

Signatures
BlackMatter Ransomware
The BlackMatter ransomware group claims to be the successor of DarkSide and REvil.

Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.

Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.

Drops file in System32 directory

Sets desktop wallpaper using registry

Suspicious use of NtSetInformationThreadHideFromDebugger