Extracted

Extracted

• • Target

    cf60d0d6b05bfe2e51ca9dac01a4ae506b90d78d8d9d0fc266e3c01d8d2ba6b7

  • Size

    1.3MB

  • MD5

    da3ab4d40944c077f92e52d2c1de8fca

  • SHA1

    6676ef8826b9e5419958761f3a71464105290288

  • SHA256

    cf60d0d6b05bfe2e51ca9dac01a4ae506b90d78d8d9d0fc266e3c01d8d2ba6b7

  • SHA512

    1dcc1259105c730fff76e518d7d57bce8cacacfebc05cf7b3294ccdbf8286635bfe43532f7a19507d3fd42973429f2c9335d031cbd473b356cba1bab79ce318a

  Score

  10^/10

  blackmattercaa0d21adc7bdc4dc424497512a8f37dransomwaresuricata

  • BlackMatter Ransomware

    BlackMatter ransomware group claims to be Darkside and REvil succesor.

    ransomwareblackmatter

  • suricata: ET MALWARE BlackMatter CnC Activity

    suricata: ET MALWARE BlackMatter CnC Activity

    suricata

  • suricata: ET MALWARE BlackMatter CnC Domain in DNS Lookup (mojobiden .com)

    suricata: ET MALWARE BlackMatter CnC Domain in DNS Lookup (mojobiden .com)

    suricata

  • suricata: ET MALWARE BlackMatter CnC Domain in DNS Lookup (paymenthacks .com)

    suricata: ET MALWARE BlackMatter CnC Domain in DNS Lookup (paymenthacks .com)

    suricata

  • Modifies extensions of user files

    Ransomware generally changes the extension on encrypted files.

    ransomware

  • Loads dropped DLL

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • Sets desktop wallpaper using registry

    ransomware

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  • Suspicious use of SetThreadContext

  behavioral1behavioral2