General
- Target: 4524784688e60313b8fefdebde441ca447c1330d90b86885fb55d099071c6ec9
- Size: 802KB
- Sample: 211123-m85v3ahhbr
- MD5: 3721485def21e7efbb418b3502ebc000
- SHA1: 6ce90543099f44f06b9151524c22e497777ed026
- SHA256: 4524784688e60313b8fefdebde441ca447c1330d90b86885fb55d099071c6ec9
- SHA512: a0a8508afe73cf442c54adaa504e61d106127daa39f61a7400c773e0d21512eaff5c4a93c9497bf3f207aa0be3c48f212c03c6f53f212b89bf7783e7a032c211
Static task: static1
Behavioral task: behavioral1
- Sample: 4524784688e60313b8fefdebde441ca447c1330d90b86885fb55d099071c6ec9.ps1
- Resource: win7-en-20211104
Behavioral task: behavioral2
- Sample: 4524784688e60313b8fefdebde441ca447c1330d90b86885fb55d099071c6ec9.ps1
- Resource: win10-en-20211014
Malware Config
Extracted
\??\Z:\WRLMMTHME.README.txt
blackmatter
http://supp24maprinktc7uizgfyqhisx7lkszb6ogh6lwdzpac23w3mh4tvyd.onion/24HUMRRAZYQNDJ8A
Targets
- Target: 4524784688e60313b8fefdebde441ca447c1330d90b86885fb55d099071c6ec9
- Size: 802KB
- MD5: 3721485def21e7efbb418b3502ebc000
- SHA1: 6ce90543099f44f06b9151524c22e497777ed026
- SHA256: 4524784688e60313b8fefdebde441ca447c1330d90b86885fb55d099071c6ec9
- SHA512: a0a8508afe73cf442c54adaa504e61d106127daa39f61a7400c773e0d21512eaff5c4a93c9497bf3f207aa0be3c48f212c03c6f53f212b89bf7783e7a032c211
- Score: 10/10
- BlackMatter Ransomware: BlackMatter ransomware group claims to be Darkside and REvil successor.
- Blocklisted process makes network request
- Modifies extensions of user files: Ransomware generally changes the extension on encrypted files.
- Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of NtSetInformationThreadHideFromDebugger