General
-
Target
668a4a2300f36c9df0f7307cc614be3297f036fa312a424765cdb2c169187fe6
-
Size
34KB
-
Sample
211129-vlj9vafeb7
-
MD5
6f5c77478795ff7fb9700ed50b334429
-
SHA1
6803d62254edf3bdd3bc523422ff98e6120b6e5b
-
SHA256
668a4a2300f36c9df0f7307cc614be3297f036fa312a424765cdb2c169187fe6
-
SHA512
40e4ffd227443003e0506f8d1fbfbacde54f9bfb5fa6908f05e134ee25217d3c3907d7c981107d642c071063b57253b4727fb6a211d7698a7a9bae2d8beede5f
Static task
static1
Behavioral task
behavioral1
Sample
668a4a2300f36c9df0f7307cc614be3297f036fa312a424765cdb2c169187fe6.exe
Resource
win7-en-20211014
Behavioral task
behavioral2
Sample
668a4a2300f36c9df0f7307cc614be3297f036fa312a424765cdb2c169187fe6.exe
Resource
win10-en-20211104
Malware Config
Extracted
C:\6amPnJyPq.README.txt
blackmatter
http://supp24yy6a66hwszu2piygicgwzdtbwftb76htfj7vnip3getgqnzxid.onion/GDBJS76DH3D4IKQD2QO7R
Targets
-
-
Target
668a4a2300f36c9df0f7307cc614be3297f036fa312a424765cdb2c169187fe6
-
Size
34KB
-
MD5
6f5c77478795ff7fb9700ed50b334429
-
SHA1
6803d62254edf3bdd3bc523422ff98e6120b6e5b
-
SHA256
668a4a2300f36c9df0f7307cc614be3297f036fa312a424765cdb2c169187fe6
-
SHA512
40e4ffd227443003e0506f8d1fbfbacde54f9bfb5fa6908f05e134ee25217d3c3907d7c981107d642c071063b57253b4727fb6a211d7698a7a9bae2d8beede5f
Score10/10-
BlackMatter Ransomware
BlackMatter ransomware group claims to be Darkside and REvil succesor.
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Sets desktop wallpaper using registry
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-