General
Target: ed47e6ecca056bba20f2b299b9df1022caf2f3e7af1f526c1fe3b8bf2d6e7404
Size: 80KB
Sample: 211103-q94k6sbbar
MD5: caf751f08b0fbe9ec99469f073c3262e
SHA1: 445f7b8ddb50250eb5ee051af0e8a32e62173c95
SHA256: ed47e6ecca056bba20f2b299b9df1022caf2f3e7af1f526c1fe3b8bf2d6e7404
SHA512: 06ce425fb1f8cd36e2d0c36e585b369cc327957559df1ff8403aa0f1054acae3bf78f7aa20c04dd5a418bca48b8bf8e42f489ac6d3cbc8199c355794df2a61c8
Static task: static1
Behavioral task: behavioral1
Sample: ed47e6ecca056bba20f2b299b9df1022caf2f3e7af1f526c1fe3b8bf2d6e7404.exe
Resource: win7-en-20211014
Behavioral task: behavioral2
Sample: ed47e6ecca056bba20f2b299b9df1022caf2f3e7af1f526c1fe3b8bf2d6e7404.exe
Resource: win10-en-20211014
Malware Config
Extracted
Ransom note path: C:\6amPnJyPq.README.txt
Family: blackmatter
URL: http://supp24yy6a66hwszu2piygicgwzdtbwftb76htfj7vnip3getgqnzxid.onion/HCWB50PNECHW5CRCQF
Targets
Target: ed47e6ecca056bba20f2b299b9df1022caf2f3e7af1f526c1fe3b8bf2d6e7404
Score: 10/10
BlackMatter Ransomware
The BlackMatter ransomware group claims to be the successor to DarkSide and REvil.
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Sets desktop wallpaper using registry
Changes the desktop wallpaper by writing the registry value the shell reads for it, a common way for ransomware to display its ransom message.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
Calls NtSetInformationThread with the ThreadHideFromDebugger information class, which stops the calling thread from reporting events to an attached debugger; a common anti-analysis technique.
-
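As an added example that is not part of this report and not the sandbox's own signature logic: a small Python re-implementation of the four behavioural signatures listed above, plus a check for the ransom-note drop shown in the extracted config, run over a constructed stream of sandbox-style events. The event tuple shapes, the thresholds, and the file names and extension in the constructed events are assumptions made for the example; the ThreadHideFromDebugger information class (0x11) and the HKCU\Control Panel\Desktop\Wallpaper value are real Windows facts.

```python
"""Toy behavioural signatures over constructed sandbox events (example code)."""
from collections import Counter, defaultdict
import ntpath

# THREADINFOCLASS ThreadHideFromDebugger: once set, the thread no longer
# reports debug events to an attached debugger (real Windows constant).
THREAD_HIDE_FROM_DEBUGGER = 0x11

# Constructed event stream, not taken from the report. Shapes:
#   ("api", api_name, info_class)
#   ("drive_query", root_path)
#   ("file_create", path)
#   ("file_rename", src_path, dst_path)
#   ("reg_set", key, value_name, data)
EVENTS = [
    ("api", "NtSetInformationThread", THREAD_HIDE_FROM_DEBUGGER),
    ("drive_query", "C:\\"),
    ("drive_query", "D:\\"),
    ("drive_query", "E:\\"),
    ("file_create", "C:\\6amPnJyPq.README.txt"),
    ("file_create", "C:\\Users\\victim\\Documents\\6amPnJyPq.README.txt"),
    ("file_rename", "C:\\Users\\victim\\Documents\\budget.xlsx",
                    "C:\\Users\\victim\\Documents\\budget.xlsx.6amPnJyPq"),
    ("file_rename", "C:\\Users\\victim\\Pictures\\cat.jpg",
                    "C:\\Users\\victim\\Pictures\\cat.jpg.6amPnJyPq"),
    ("file_rename", "C:\\Users\\victim\\Desktop\\notes.docx",
                    "C:\\Users\\victim\\Desktop\\notes.docx.6amPnJyPq"),
    # A single benign rename should not trip the extension signature.
    ("file_rename", "C:\\Users\\victim\\Desktop\\tmp.txt",
                    "C:\\Users\\victim\\Desktop\\tmp.bak"),
    ("reg_set", "HKCU\\Control Panel\\Desktop", "Wallpaper",
                "C:\\ProgramData\\6amPnJyPq.bmp"),
]


def detect_extension_change(events, min_files=3):
    """'Modifies extensions of user files': many renames that give files the
    same new extension. Returns {new_extension: count} above the threshold."""
    new_ext = Counter()
    for ev in events:
        if ev[0] != "file_rename":
            continue
        _, src, dst = ev
        if ntpath.splitext(dst)[1] and ntpath.splitext(dst)[1] != ntpath.splitext(src)[1]:
            new_ext[ntpath.splitext(dst)[1]] += 1
    return {ext: n for ext, n in new_ext.items() if n >= min_files}


def detect_drive_enumeration(events):
    """'Enumerates connected drives': root-path reads on drives other than C:."""
    roots = sorted({ev[1].upper() for ev in events if ev[0] == "drive_query"})
    return [r for r in roots if not r.startswith("C:")]


def detect_wallpaper_change(events):
    """'Sets desktop wallpaper using registry': write to the Wallpaper value
    under Control Panel\\Desktop. Returns the new wallpaper path or None."""
    for ev in events:
        if ev[0] == "reg_set":
            _, key, name, data = ev
            if key.lower().endswith("control panel\\desktop") and name.lower() == "wallpaper":
                return data
    return None


def detect_hide_from_debugger(events):
    """'Suspicious use of NtSetInformationThreadHideFromDebugger'."""
    return any(ev[0] == "api" and ev[1] == "NtSetInformationThread"
               and ev[2] == THREAD_HIDE_FROM_DEBUGGER for ev in events)


def detect_ransom_note(events, min_dirs=2):
    """Same *README.txt file name dropped into several directories, as the
    extracted config's note path suggests. Returns {name: directory_count}."""
    dirs = defaultdict(set)
    for ev in events:
        if ev[0] == "file_create":
            directory, name = ntpath.split(ev[1])
            if name.lower().endswith("readme.txt"):
                dirs[name].add(directory)
    return {name: len(ds) for name, ds in dirs.items() if len(ds) >= min_dirs}


def run_signatures(events):
    """Return the names of the report's four signatures that fire on the events."""
    hits = []
    if detect_extension_change(events):
        hits.append("Modifies extensions of user files")
    if detect_drive_enumeration(events):
        hits.append("Enumerates connected drives")
    if detect_wallpaper_change(events):
        hits.append("Sets desktop wallpaper using registry")
    if detect_hide_from_debugger(events):
        hits.append("Suspicious use of NtSetInformationThreadHideFromDebugger")
    return hits


if __name__ == "__main__":
    for sig in run_signatures(EVENTS):
        print("[+]", sig)
    print("new extensions:", detect_extension_change(EVENTS))
    print("ransom notes:", detect_ransom_note(EVENTS))
```

The extension check keys on many files receiving the same new suffix rather than on any one rename, which is what separates an encryptor from ordinary file editing; the thresholds are deliberately low for the constructed input and would be raised on real traces.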