Overview
overview
10Static
static
10072158f558...86.exe
windows7_x64
10072158f558...86.exe
windows10_x64
1020742987e6...41.exe
windows7_x64
1020742987e6...41.exe
windows10_x64
1022d7d67c3a...d6.exe
windows7_x64
1022d7d67c3a...d6.exe
windows10_x64
102c323453e9...09.exe
windows7_x64
102c323453e9...09.exe
windows10_x64
102e50eb85f6...b2.exe
windows7_x64
102e50eb85f6...b2.exe
windows10_x64
104be85e2083...2b.exe
windows7_x64
104be85e2083...2b.exe
windows10_x64
105da8d2e1b3...fa.exe
windows7_x64
105da8d2e1b3...fa.exe
windows10_x64
10668a4a2300...e6.exe
windows7_x64
10668a4a2300...e6.exe
windows10_x64
106d4712df42...db.exe
windows7_x64
56d4712df42...db.exe
windows10_x64
10706f3eec32...9d.exe
windows7_x64
10706f3eec32...9d.exe
windows10_x64
107f6dd0ca03...84.exe
windows7_x64
107f6dd0ca03...84.exe
windows10_x64
109cf9441554...6a.exe
windows7_x64
109cf9441554...6a.exe
windows10_x64
10b0e929e35c...6a.exe
windows7_x64
10b0e929e35c...6a.exe
windows10_x64
10c6e2ef30a8...99.exe
windows7_x64
10c6e2ef30a8...99.exe
windows10_x64
10e4a2260bcb...2d.exe
windows7_x64
10e4a2260bcb...2d.exe
windows10_x64
10eaac447d6a...4b.exe
windows7_x64
10eaac447d6a...4b.exe
windows10_x64
10General
-
Target
blackmatter4.zip
-
Size
703KB
-
Sample
211123-mkec7shgfl
-
MD5
e5416e33cbe4b3b63ff0f741bf468622
-
SHA1
e82597ae9f87b1568d7cbd966a0185a24f1a108c
-
SHA256
8561226f674aeb4abc1b9910ddc4855ac8ac2fcd4f5face1f84e34878ac98afc
-
SHA512
95acf78b3a4092e06f08d12a05a7fbe209ddda7beff0be6fb071b11f272ab84c18ed9e22adb5b046636f1d895dad17c29650868093aa11c6f7733cfbdee4141b
Static task
static1
Behavioral task
behavioral1
Sample
072158f5588440e6c94cb419ae06a27cf584afe3b0cb09c28eff0b4662c15486.exe
Resource
win7-en-20211104
Behavioral task
behavioral2
Sample
072158f5588440e6c94cb419ae06a27cf584afe3b0cb09c28eff0b4662c15486.exe
Resource
win10-en-20211104
Behavioral task
behavioral3
Sample
20742987e6f743814b25e214f8b2cd43111e2f60a8856a6cca87cafd85422f41.exe
Resource
win7-en-20211104
Behavioral task
behavioral4
Sample
20742987e6f743814b25e214f8b2cd43111e2f60a8856a6cca87cafd85422f41.exe
Resource
win10-en-20211104
Behavioral task
behavioral5
Sample
22d7d67c3af10b1a37f277ebabe2d1eb4fd25afbd6437d4377400e148bcc08d6.exe
Resource
win7-en-20211014
Behavioral task
behavioral6
Sample
22d7d67c3af10b1a37f277ebabe2d1eb4fd25afbd6437d4377400e148bcc08d6.exe
Resource
win10-en-20211104
Behavioral task
behavioral7
Sample
2c323453e959257c7aa86dc180bb3aaaa5c5ec06fa4e72b632d9e4b817052009.exe
Resource
win7-en-20211104
Behavioral task
behavioral8
Sample
2c323453e959257c7aa86dc180bb3aaaa5c5ec06fa4e72b632d9e4b817052009.exe
Resource
win10-en-20211014
Behavioral task
behavioral9
Sample
2e50eb85f6e271001e69c5733af95c34728893145766066c5ff8708dcc0e43b2.exe
Resource
win7-en-20211104
Behavioral task
behavioral10
Sample
2e50eb85f6e271001e69c5733af95c34728893145766066c5ff8708dcc0e43b2.exe
Resource
win10-en-20211014
Behavioral task
behavioral11
Sample
4be85e2083b64838fb66b92195a250228a721cdb5ae91817ea97b37aa53f4a2b.exe
Resource
win7-en-20211104
Behavioral task
behavioral12
Sample
4be85e2083b64838fb66b92195a250228a721cdb5ae91817ea97b37aa53f4a2b.exe
Resource
win10-en-20211014
Behavioral task
behavioral13
Sample
5da8d2e1b36be0d661d276ea6523760dbe3fa4f3fdb7e32b144812ce50c483fa.exe
Resource
win7-en-20211104
Behavioral task
behavioral14
Sample
5da8d2e1b36be0d661d276ea6523760dbe3fa4f3fdb7e32b144812ce50c483fa.exe
Resource
win10-en-20211104
Behavioral task
behavioral15
Sample
668a4a2300f36c9df0f7307cc614be3297f036fa312a424765cdb2c169187fe6.exe
Resource
win7-en-20211014
Behavioral task
behavioral16
Sample
668a4a2300f36c9df0f7307cc614be3297f036fa312a424765cdb2c169187fe6.exe
Resource
win10-en-20211104
Behavioral task
behavioral17
Sample
6d4712df42ad0982041ef0e2e109ab5718b43830f2966bd9207a7fac3af883db.exe
Resource
win7-en-20211014
Behavioral task
behavioral18
Sample
6d4712df42ad0982041ef0e2e109ab5718b43830f2966bd9207a7fac3af883db.exe
Resource
win10-en-20211104
Behavioral task
behavioral19
Sample
706f3eec328e91ff7f66c8f0a2fb9b556325c153a329a2062dc85879c540839d.exe
Resource
win7-en-20211014
Behavioral task
behavioral20
Sample
706f3eec328e91ff7f66c8f0a2fb9b556325c153a329a2062dc85879c540839d.exe
Resource
win10-en-20211104
Behavioral task
behavioral21
Sample
7f6dd0ca03f04b64024e86a72a6d7cfab6abccc2173b85896fc4b431990a5984.exe
Resource
win7-en-20211104
Behavioral task
behavioral22
Sample
7f6dd0ca03f04b64024e86a72a6d7cfab6abccc2173b85896fc4b431990a5984.exe
Resource
win10-en-20211014
Behavioral task
behavioral23
Sample
9cf9441554ac727f9d191ad9de1dc101867ffe5264699cafcf2734a4b89d5d6a.exe
Resource
win7-en-20211104
Behavioral task
behavioral24
Sample
9cf9441554ac727f9d191ad9de1dc101867ffe5264699cafcf2734a4b89d5d6a.exe
Resource
win10-en-20211014
Behavioral task
behavioral25
Sample
b0e929e35c47a60f65e4420389cad46190c26e8cfaabe922efd73747b682776a.exe
Resource
win7-en-20211104
Behavioral task
behavioral26
Sample
b0e929e35c47a60f65e4420389cad46190c26e8cfaabe922efd73747b682776a.exe
Resource
win10-en-20211014
Behavioral task
behavioral27
Sample
c6e2ef30a86baa670590bd21acf5b91822117e0cbe6060060bc5fe0182dace99.exe
Resource
win7-en-20211104
Behavioral task
behavioral28
Sample
c6e2ef30a86baa670590bd21acf5b91822117e0cbe6060060bc5fe0182dace99.exe
Resource
win10-en-20211014
Behavioral task
behavioral29
Sample
e4a2260bcba8059207fdcc2d59841a8c4ddbe39b6b835feef671bceb95cd232d.exe
Resource
win7-en-20211104
Behavioral task
behavioral30
Sample
e4a2260bcba8059207fdcc2d59841a8c4ddbe39b6b835feef671bceb95cd232d.exe
Resource
win10-en-20211104
Behavioral task
behavioral31
Sample
eaac447d6ae733210a07b1f79e97eda017a442e721d8fafe618e2c789b18234b.exe
Resource
win7-en-20211014
Behavioral task
behavioral32
Sample
eaac447d6ae733210a07b1f79e97eda017a442e721d8fafe618e2c789b18234b.exe
Resource
win10-en-20211104
Malware Config
Extracted
blackmatter
2.0
5791ae39aeab40b5e8e33d8dce465877
-
attempt_auth
false
-
create_mutex
true
-
encrypt_network_shares
true
-
exfiltrate
false
-
mount_volumes
true
Extracted
blackmatter
1.2
512478c08dada2af19e49808fbda5b0b
- Username:
[email protected] - Password:
120Heisler
- Username:
[email protected] - Password:
Tesla2019
- Username:
[email protected] - Password:
iteam8**
https://paymenthacks.com
http://paymenthacks.com
https://mojobiden.com
http://mojobiden.com
-
attempt_auth
true
-
create_mutex
true
-
encrypt_network_shares
true
-
exfiltrate
true
-
mount_volumes
true
Extracted
blackmatter
1.2
bab21ee475b52c0c9eb47d23ec9ba1d1
https://paymenthacks.com
http://paymenthacks.com
https://mojobiden.com
http://mojobiden.com
-
attempt_auth
false
-
create_mutex
true
-
encrypt_network_shares
true
-
exfiltrate
true
-
mount_volumes
true
Extracted
blackmatter
2.0
e4aaffc36f5d5b7d597455eb6d497df5
- Username:
[email protected] - Password:
BBis#1ec
- Username:
[email protected] - Password:
k8DbBSZYWWnr0QqrILoo
- Username:
[email protected] - Password:
Smokie@CF
https://mojobiden.com
http://mojobiden.com
https://nowautomation.com
http://nowautomation.com
-
attempt_auth
true
-
create_mutex
true
-
encrypt_network_shares
true
-
exfiltrate
true
-
mount_volumes
true
Extracted
blackmatter
2.0
b0e039b42ef6c19c2189651c9f6c390e
- Username:
[email protected] - Password:
Rubcabher96
- Username:
[email protected] - Password:
Alsa2003
-
attempt_auth
true
-
create_mutex
true
-
encrypt_network_shares
true
-
exfiltrate
false
-
mount_volumes
true
Extracted
blackmatter
2.0
d58b3b69acc48f82eaa82076f97763d4
https://mojobiden.com
http://mojobiden.com
https://nowautomation.com
http://nowautomation.com
-
attempt_auth
false
-
create_mutex
true
-
encrypt_network_shares
true
-
exfiltrate
true
-
mount_volumes
true
Extracted
blackmatter
1.6
32bd08ad5e5e881aa2634621d611a1a5
- Username:
[email protected] - Password:
@iep.2013
https://mojobiden.com
http://mojobiden.com
-
attempt_auth
true
-
create_mutex
false
-
encrypt_network_shares
true
-
exfiltrate
true
-
mount_volumes
true
Extracted
blackmatter
2.0
90a881ffa127b004cec6802588fce307
- Username:
[email protected] - Password:
Q7Q"
- Username:
[email protected] - Password:
!$(AYw94+PJ,rX
- Username:
jmiklo@@adroot.newcoop.com - Password:
sanfran85
- Username:
[email protected] - Password:
sanfran85
- Username:
[email protected] - Password:
sanfran85
https://mojobiden.com
http://mojobiden.com
https://nowautomation.com
http://nowautomation.com
-
attempt_auth
true
-
create_mutex
true
-
encrypt_network_shares
true
-
exfiltrate
true
-
mount_volumes
true
Extracted
blackmatter
2.0
d73c69209fbe768d5fa7ffbcad509c66
https://mojobiden.com
http://mojobiden.com
https://nowautomation.com
http://nowautomation.com
-
attempt_auth
false
-
create_mutex
true
-
encrypt_network_shares
true
-
exfiltrate
true
-
mount_volumes
true
Extracted
blackmatter
2.0
879194e26a0ed7cf50f13c681e711c82
- Username:
[email protected] - Password:
vpnvpn08
- Username:
[email protected] - Password:
Apr@123456
- Username:
[email protected] - Password:
Olympus$12345
- Username:
[email protected] - Password:
Olympus@12345
- Username:
[email protected] - Password:
ofrt!n@
- Username:
[email protected] - Password:
Is3@dmin
- Username:
[email protected] - Password:
Sinchan@12345
- Username:
[email protected] - Password:
HappyDays.12
- Username:
[email protected] - Password:
Qwerasdzx123!@#
- Username:
[email protected] - Password:
Coro@12345
- Username:
[email protected] - Password:
Ultimate06!
- Username:
[email protected] - Password:
Olympus@12345
- Username:
[email protected] - Password:
Zxcasd@123
- Username:
[email protected] - Password:
Qweasdzxc@12345
- Username:
[email protected] - Password:
Helmi-2005
- Username:
[email protected] - Password:
Acr0$$@123
- Username:
[email protected] - Password:
V1rtu@1c3!
-
attempt_auth
true
-
create_mutex
true
-
encrypt_network_shares
true
-
exfiltrate
false
-
mount_volumes
true
Extracted
blackmatter
2.0
10d51524bc007aa845e77556cdcab174
- Username:
[email protected] - Password:
tGv7R79N9rC@Y$RfLCkwb*byl*mxLv
- Username:
[email protected] - Password:
V3D174taC8Zb0EIz^cysiARR&
- Username:
[email protected] - Password:
YmedEwW&
- Username:
[email protected] - Password:
exiAClEU!wcrEi0R7szO087oH0h13B
https://mojobiden.com
http://mojobiden.com
https://nowautomation.com
http://nowautomation.com
-
attempt_auth
true
-
create_mutex
true
-
encrypt_network_shares
true
-
exfiltrate
true
-
mount_volumes
true
Extracted
blackmatter
1.2
Targets
-
-
Target
072158f5588440e6c94cb419ae06a27cf584afe3b0cb09c28eff0b4662c15486
-
Size
34KB
-
MD5
b06e2455a9c7c9485b85e9bdcceb8078
-
SHA1
a63304592f422656d7abcb086915f9e799ad4641
-
SHA256
072158f5588440e6c94cb419ae06a27cf584afe3b0cb09c28eff0b4662c15486
-
SHA512
adc0501cbb19b53ecafa4522d5369f08e013df3c06dc068f3b1b6b823bca9dfa49a93d0fe1df5fb9ae026305f720cb8923bdbb9c5b7b98fb846670dd3e51fcf9
Score10/10-
BlackMatter Ransomware
BlackMatter ransomware group claims to be Darkside and REvil succesor.
-
suricata: ET MALWARE BlackMatter CnC Domain in DNS Lookup (mojobiden .com)
suricata: ET MALWARE BlackMatter CnC Domain in DNS Lookup (mojobiden .com)
-
suricata: ET MALWARE BlackMatter CnC Domain in DNS Lookup (paymenthacks .com)
suricata: ET MALWARE BlackMatter CnC Domain in DNS Lookup (paymenthacks .com)
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Sets desktop wallpaper using registry
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
-
-
Target
20742987e6f743814b25e214f8b2cd43111e2f60a8856a6cca87cafd85422f41
-
Size
78KB
-
MD5
7b125a148ce0e0c126b95395dbf02b0e
-
SHA1
778f954480ca76029109fd6bf34904bfb1109e84
-
SHA256
20742987e6f743814b25e214f8b2cd43111e2f60a8856a6cca87cafd85422f41
-
SHA512
daaeb7e228a3d5c7717c58287539902e79215d9795dcb1459213f7d515392f53f16ac2f0d455e635e89addd321f4f68ccdad9f5af60f8f4d1759b7ddf5409cf9
Score10/10-
BlackMatter Ransomware
BlackMatter ransomware group claims to be Darkside and REvil succesor.
-
suricata: ET MALWARE BlackMatter CnC Domain in DNS Lookup (mojobiden .com)
suricata: ET MALWARE BlackMatter CnC Domain in DNS Lookup (mojobiden .com)
-
suricata: ET MALWARE BlackMatter CnC Domain in DNS Lookup (nowautomation .com)
suricata: ET MALWARE BlackMatter CnC Domain in DNS Lookup (nowautomation .com)
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Sets desktop wallpaper using registry
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
-
-
Target
22d7d67c3af10b1a37f277ebabe2d1eb4fd25afbd6437d4377400e148bcc08d6
-
Size
67KB
-
MD5
598c53bfef81e489375f09792e487f1a
-
SHA1
80a29bd2c349a8588edf42653ed739054f9a10f5
-
SHA256
22d7d67c3af10b1a37f277ebabe2d1eb4fd25afbd6437d4377400e148bcc08d6
-
SHA512
6a82ad5009588d2fa343bef8d9d2a02e2e76eec14979487a929a96a6b6965e82265a69ef8dd29a01927e9713468de3aedd7b5ee5e79839a1a50649855a160c35
Score10/10-
BlackMatter Ransomware
BlackMatter ransomware group claims to be Darkside and REvil succesor.
-
suricata: ET MALWARE BlackMatter CnC Domain in DNS Lookup (mojobiden .com)
suricata: ET MALWARE BlackMatter CnC Domain in DNS Lookup (mojobiden .com)
-
suricata: ET MALWARE BlackMatter CnC Domain in DNS Lookup (paymenthacks .com)
suricata: ET MALWARE BlackMatter CnC Domain in DNS Lookup (paymenthacks .com)
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Sets desktop wallpaper using registry
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
-
-
Target
2c323453e959257c7aa86dc180bb3aaaa5c5ec06fa4e72b632d9e4b817052009
-
Size
66KB
-
MD5
a55bc3368a10ca5a92c1c9ecae97ced9
-
SHA1
72ed32b0e8692c7caa25d61e1828cdb48c4fe361
-
SHA256
2c323453e959257c7aa86dc180bb3aaaa5c5ec06fa4e72b632d9e4b817052009
-
SHA512
da3187046c267b8053f0274de81665234dd07c1d06c61108878abccccb2f10bfe4bf7c53e0e4100ed76772b8b92bdd6c4953f19250f33be7dd9380ab3b63db3c
Score10/10-
BlackMatter Ransomware
BlackMatter ransomware group claims to be Darkside and REvil succesor.
-
suricata: ET MALWARE BlackMatter CnC Domain in DNS Lookup (mojobiden .com)
suricata: ET MALWARE BlackMatter CnC Domain in DNS Lookup (mojobiden .com)
-
suricata: ET MALWARE BlackMatter CnC Domain in DNS Lookup (paymenthacks .com)
suricata: ET MALWARE BlackMatter CnC Domain in DNS Lookup (paymenthacks .com)
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Sets desktop wallpaper using registry
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
-
-
Target
2e50eb85f6e271001e69c5733af95c34728893145766066c5ff8708dcc0e43b2
-
Size
79KB
-
MD5
18c7c940bc6a4e778fbdf4a3e28151a8
-
SHA1
f3589918d71b87c7e764479b79c4a7b485cb746a
-
SHA256
2e50eb85f6e271001e69c5733af95c34728893145766066c5ff8708dcc0e43b2
-
SHA512
6e808fe882640a517c2054fdece73059c7ea3e27a946e55f41b91fd0f757dcd8c76be8f381f60f3e45449edebaa4f620b903337727607f7768543b1acec40d18
Score10/10-
BlackMatter Ransomware
BlackMatter ransomware group claims to be Darkside and REvil succesor.
-
suricata: ET MALWARE BlackMatter CnC Domain in DNS Lookup (mojobiden .com)
suricata: ET MALWARE BlackMatter CnC Domain in DNS Lookup (mojobiden .com)
-
suricata: ET MALWARE BlackMatter CnC Domain in DNS Lookup (nowautomation .com)
suricata: ET MALWARE BlackMatter CnC Domain in DNS Lookup (nowautomation .com)
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Sets desktop wallpaper using registry
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
-
-
Target
4be85e2083b64838fb66b92195a250228a721cdb5ae91817ea97b37aa53f4a2b
-
Size
78KB
-
MD5
62a70f74d6ac64829a8a31e306e9d41d
-
SHA1
ec26b38a29549272cc5f0cf548e208030ff114b0
-
SHA256
4be85e2083b64838fb66b92195a250228a721cdb5ae91817ea97b37aa53f4a2b
-
SHA512
0bd94273735921ca43b2c12e1e9c1aba158c2f825621d1a3daa8bafecf652ea35f68bc12a748fe583429b698dc51ce4f39194129daf5521996d2d9faceb3a372
Score10/10-
BlackMatter Ransomware
BlackMatter ransomware group claims to be Darkside and REvil succesor.
-
suricata: ET MALWARE BlackMatter CnC Domain in DNS Lookup (mojobiden .com)
suricata: ET MALWARE BlackMatter CnC Domain in DNS Lookup (mojobiden .com)
-
suricata: ET MALWARE BlackMatter CnC Domain in DNS Lookup (nowautomation .com)
suricata: ET MALWARE BlackMatter CnC Domain in DNS Lookup (nowautomation .com)
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Sets desktop wallpaper using registry
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
-
-
Target
5da8d2e1b36be0d661d276ea6523760dbe3fa4f3fdb7e32b144812ce50c483fa
-
Size
78KB
-
MD5
38035325b785329e3f618b2a0b90eb75
-
SHA1
33294a6c609b6ced2acef3964d7ec34dc0101a9a
-
SHA256
5da8d2e1b36be0d661d276ea6523760dbe3fa4f3fdb7e32b144812ce50c483fa
-
SHA512
675a0defdfa3de5f54ece0297d955372480f25e8b9f27fa700d5cdc2c6ecedadc7b68cac2f8e2e452bdbab6a958593f45d3eab14d6e7bbfee472383879bd7b17
Score10/10-
BlackMatter Ransomware
BlackMatter ransomware group claims to be Darkside and REvil succesor.
-
suricata: ET MALWARE BlackMatter CnC Domain in DNS Lookup (mojobiden .com)
suricata: ET MALWARE BlackMatter CnC Domain in DNS Lookup (mojobiden .com)
-
suricata: ET MALWARE BlackMatter CnC Domain in DNS Lookup (nowautomation .com)
suricata: ET MALWARE BlackMatter CnC Domain in DNS Lookup (nowautomation .com)
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Sets desktop wallpaper using registry
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
-
-
Target
668a4a2300f36c9df0f7307cc614be3297f036fa312a424765cdb2c169187fe6
-
Size
34KB
-
MD5
6f5c77478795ff7fb9700ed50b334429
-
SHA1
6803d62254edf3bdd3bc523422ff98e6120b6e5b
-
SHA256
668a4a2300f36c9df0f7307cc614be3297f036fa312a424765cdb2c169187fe6
-
SHA512
40e4ffd227443003e0506f8d1fbfbacde54f9bfb5fa6908f05e134ee25217d3c3907d7c981107d642c071063b57253b4727fb6a211d7698a7a9bae2d8beede5f
Score10/10-
BlackMatter Ransomware
BlackMatter ransomware group claims to be Darkside and REvil succesor.
-
suricata: ET MALWARE BlackMatter CnC Domain in DNS Lookup (mojobiden .com)
suricata: ET MALWARE BlackMatter CnC Domain in DNS Lookup (mojobiden .com)
-
suricata: ET MALWARE BlackMatter CnC Domain in DNS Lookup (paymenthacks .com)
suricata: ET MALWARE BlackMatter CnC Domain in DNS Lookup (paymenthacks .com)
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Sets desktop wallpaper using registry
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
-
-
Target
6d4712df42ad0982041ef0e2e109ab5718b43830f2966bd9207a7fac3af883db
-
Size
71KB
-
MD5
10aa058a3ac49e016cad7987b8e09886
-
SHA1
cca6682330a819592c3b1ea0448ceb4e141593dc
-
SHA256
6d4712df42ad0982041ef0e2e109ab5718b43830f2966bd9207a7fac3af883db
-
SHA512
f115fb62b1ca5e18f6340d42ff4393e2b175917312ae1cc14e7a6a9322cf8adaf22457bc8213e2baafdc2cb19d5db1e5a9c003155cbf142d5a08604495e22f6e
Score10/10-
BlackMatter Ransomware
BlackMatter ransomware group claims to be Darkside and REvil succesor.
-
suricata: ET MALWARE BlackMatter CnC Domain in DNS Lookup (mojobiden .com)
suricata: ET MALWARE BlackMatter CnC Domain in DNS Lookup (mojobiden .com)
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Sets desktop wallpaper using registry
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
-
-
Target
706f3eec328e91ff7f66c8f0a2fb9b556325c153a329a2062dc85879c540839d
-
Size
79KB
-
MD5
62a1b4d4b461f4eaae91c70727f71604
-
SHA1
1ced9a7e62aa65faa03eb1ad2bc786e9d9b5f6c2
-
SHA256
706f3eec328e91ff7f66c8f0a2fb9b556325c153a329a2062dc85879c540839d
-
SHA512
d14f989f5f54663c3ea63526a000e8db5d172046e37f412ed47cd31eb14db071b515b854bbb3ab3d2f41f936b6962583aaa0b3ef1236aa2506148813f66ad542
Score10/10-
BlackMatter Ransomware
BlackMatter ransomware group claims to be Darkside and REvil succesor.
-
suricata: ET MALWARE BlackMatter CnC Domain in DNS Lookup (mojobiden .com)
suricata: ET MALWARE BlackMatter CnC Domain in DNS Lookup (mojobiden .com)
-
suricata: ET MALWARE BlackMatter CnC Domain in DNS Lookup (nowautomation .com)
suricata: ET MALWARE BlackMatter CnC Domain in DNS Lookup (nowautomation .com)
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Sets desktop wallpaper using registry
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
-
-
Target
7f6dd0ca03f04b64024e86a72a6d7cfab6abccc2173b85896fc4b431990a5984
-
Size
67KB
-
MD5
d0512f2063cbd79fb0f770817cc81ab3
-
SHA1
e324a2c8fae0d26b12f00ac859340f8d9945a9c1
-
SHA256
7f6dd0ca03f04b64024e86a72a6d7cfab6abccc2173b85896fc4b431990a5984
-
SHA512
a62cecdf8887e426332d56914dfe03780402a34896ffe7a3a932986832db7080e599db32bb2113238443750227a50de84ae36c6811993c43b7eee8b1a018d641
Score10/10-
BlackMatter Ransomware
BlackMatter ransomware group claims to be Darkside and REvil succesor.
-
suricata: ET MALWARE BlackMatter CnC Domain in DNS Lookup (mojobiden .com)
suricata: ET MALWARE BlackMatter CnC Domain in DNS Lookup (mojobiden .com)
-
suricata: ET MALWARE BlackMatter CnC Domain in DNS Lookup (paymenthacks .com)
suricata: ET MALWARE BlackMatter CnC Domain in DNS Lookup (paymenthacks .com)
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Sets desktop wallpaper using registry
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
-
-
Target
9cf9441554ac727f9d191ad9de1dc101867ffe5264699cafcf2734a4b89d5d6a
-
Size
78KB
-
MD5
d298d54961823dd20b7a4d14b9326964
-
SHA1
5b70fd4f2ef2000cf2af1d2eb8a5158cc8802c90
-
SHA256
9cf9441554ac727f9d191ad9de1dc101867ffe5264699cafcf2734a4b89d5d6a
-
SHA512
64be2de822607f8d85066a972468528706133cc3133f90f0fb51cd5874e83d0bce5d240d9aabc021730dbd654a26069933850db5de895011fc4d4045564ba6ca
Score10/10-
BlackMatter Ransomware
BlackMatter ransomware group claims to be Darkside and REvil succesor.
-
suricata: ET MALWARE BlackMatter CnC Domain in DNS Lookup (mojobiden .com)
suricata: ET MALWARE BlackMatter CnC Domain in DNS Lookup (mojobiden .com)
-
suricata: ET MALWARE BlackMatter CnC Domain in DNS Lookup (nowautomation .com)
suricata: ET MALWARE BlackMatter CnC Domain in DNS Lookup (nowautomation .com)
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Sets desktop wallpaper using registry
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
-
-
Target
b0e929e35c47a60f65e4420389cad46190c26e8cfaabe922efd73747b682776a
-
Size
80KB
-
MD5
cdece7491402c7cb06964ffc680d791a
-
SHA1
8c5427baa48d840bc7508eeaa7c091d368a68e0a
-
SHA256
b0e929e35c47a60f65e4420389cad46190c26e8cfaabe922efd73747b682776a
-
SHA512
5ff6eb1f81bb309aede35a9aef26ea587b6c2e49bea66f6e91bf1dbc02cc978869a1bfd376b524522cc8bf99f48ee7f62db9322212342bc4d7af40984290e501
Score10/10-
BlackMatter Ransomware
BlackMatter ransomware group claims to be Darkside and REvil succesor.
-
suricata: ET MALWARE BlackMatter CnC Domain in DNS Lookup (mojobiden .com)
suricata: ET MALWARE BlackMatter CnC Domain in DNS Lookup (mojobiden .com)
-
suricata: ET MALWARE BlackMatter CnC Domain in DNS Lookup (nowautomation .com)
suricata: ET MALWARE BlackMatter CnC Domain in DNS Lookup (nowautomation .com)
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Sets desktop wallpaper using registry
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
-
-
Target
c6e2ef30a86baa670590bd21acf5b91822117e0cbe6060060bc5fe0182dace99
-
Size
66KB
-
MD5
ba375d0625001102fc1f2ccb6f582d91
-
SHA1
379ebd1eff6f8685f4ff72657626bf6df5383d87
-
SHA256
c6e2ef30a86baa670590bd21acf5b91822117e0cbe6060060bc5fe0182dace99
-
SHA512
795b10a638e289729192de6a6d9964b5ad3b8084f84d58da077ca8ec08c8b8cb1acadb5240962d4ccacf66242bab1430923fc77bdbbfacd0badd64df2ba1487f
Score10/10-
BlackMatter Ransomware
BlackMatter ransomware group claims to be Darkside and REvil succesor.
-
suricata: ET MALWARE BlackMatter CnC Domain in DNS Lookup (mojobiden .com)
suricata: ET MALWARE BlackMatter CnC Domain in DNS Lookup (mojobiden .com)
-
suricata: ET MALWARE BlackMatter CnC Domain in DNS Lookup (paymenthacks .com)
suricata: ET MALWARE BlackMatter CnC Domain in DNS Lookup (paymenthacks .com)
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Sets desktop wallpaper using registry
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
-
-
Target
e4a2260bcba8059207fdcc2d59841a8c4ddbe39b6b835feef671bceb95cd232d
-
Size
79KB
-
MD5
5de71f0e1ad0e2c2968153809ffaff05
-
SHA1
f023f314327acd96cd8a0f8e32451b2d2dee61d0
-
SHA256
e4a2260bcba8059207fdcc2d59841a8c4ddbe39b6b835feef671bceb95cd232d
-
SHA512
2fce4fbdf3bc7e0dfa9cc90581c08ea6578522c65891e12359bd464b1ea007006979491b9049e4a20fabd196bf321275cc003d537236c2bd5bf8826f85543c05
Score10/10-
BlackMatter Ransomware
BlackMatter ransomware group claims to be Darkside and REvil succesor.
-
suricata: ET MALWARE BlackMatter CnC Domain in DNS Lookup (mojobiden .com)
suricata: ET MALWARE BlackMatter CnC Domain in DNS Lookup (mojobiden .com)
-
suricata: ET MALWARE BlackMatter CnC Domain in DNS Lookup (nowautomation .com)
suricata: ET MALWARE BlackMatter CnC Domain in DNS Lookup (nowautomation .com)
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Sets desktop wallpaper using registry
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
-
-
Target
eaac447d6ae733210a07b1f79e97eda017a442e721d8fafe618e2c789b18234b
-
Size
79KB
-
MD5
c958e5710adefbc68f3e0719f48bcf87
-
SHA1
f50429c2e706f65fd3fb62968a74b391e5417e66
-
SHA256
eaac447d6ae733210a07b1f79e97eda017a442e721d8fafe618e2c789b18234b
-
SHA512
f5dbe5cc944d6dccbc085c5344e3a61f8945c838dcbfee0a0fbf69429946fed5db363da621835ffb54ee76eba938f7fd31c73b9a727ab2cf5c554b58bc09258d
Score10/10-
BlackMatter Ransomware
BlackMatter ransomware group claims to be Darkside and REvil succesor.
-
suricata: ET MALWARE BlackMatter CnC Domain in DNS Lookup (mojobiden .com)
suricata: ET MALWARE BlackMatter CnC Domain in DNS Lookup (mojobiden .com)
-
suricata: ET MALWARE BlackMatter CnC Domain in DNS Lookup (nowautomation .com)
suricata: ET MALWARE BlackMatter CnC Domain in DNS Lookup (nowautomation .com)
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Sets desktop wallpaper using registry
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-