General
Target: 77340f01535db5c80c1f3e725a8f8de17bb227f567b8f568dd339be6ddacf60e
Size: 1.2MB
Sample: 220129-znhagshhd9
MD5: 04ae8662cb8528e336b46ae2405f2c92
SHA1: 833137ae5978af4b28edbb7fa6f0eec0c448fdbd
SHA256: 77340f01535db5c80c1f3e725a8f8de17bb227f567b8f568dd339be6ddacf60e
SHA512: 37543ab66e8f761e9d497e2efe0eb59505e5f76b16959a5681f287c7ff8f9d6db7b1383f9c2b051075ddc33c8a734f5f56376aa23ca471bf3fd60145dc621d3a
Static task: static1
Behavioral task: behavioral1
  Sample: 77340f01535db5c80c1f3e725a8f8de17bb227f567b8f568dd339be6ddacf60e.exe
  Resource: win7-en-20211208
Behavioral task: behavioral2
  Sample: 77340f01535db5c80c1f3e725a8f8de17bb227f567b8f568dd339be6ddacf60e.exe
  Resource: win10-en-20211208
Malware Config
Extracted from: C:\TEVwl5dwR.README.txt
  blackmatter
  http://supp24yy6a66hwszu2piygicgwzdtbwftb76htfj7vnip3getgqnzxid.onion/0JOA98TDMXLHJ77VDOO
Targets
Target: 77340f01535db5c80c1f3e725a8f8de17bb227f567b8f568dd339be6ddacf60e
Size: 1.2MB
Score: 10/10
Signatures
BlackMatter Ransomware
  The BlackMatter ransomware group claims to be the successor of Darkside and REvil.
Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
Sets desktop wallpaper using registry
Suspicious use of NtSetInformationThreadHideFromDebugger