General

  • Target

    941af29a59f8d5960af161b9116bbc7d574a9af6f69a47cf0d3daeb31cba6eb1

  • Size

    1.2MB

  • Sample

    220201-kjrwssbegr

  • MD5

    c82d64850d35cc6a536c11adbd261cf6

  • SHA1

    9f4d070a1b4668d110b57c167c4527fa2752c1fe

  • SHA256

    941af29a59f8d5960af161b9116bbc7d574a9af6f69a47cf0d3daeb31cba6eb1

  • SHA512

    777a06d73e70a881d5b3872236ba8b53aa4d42f94ad247c109980847ccd6d0c531d30afef10315d7b5fe70c7fe4496f932aaac41f6aec76e98474c44bb781002

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs

    ps1.dropper: http://myexternalip.com/raw

Targets

    • Matrix Ransomware

      Targeted ransomware with information collection and encryption functionality.

    • suricata: ET MALWARE MSIL/Matrix Ransomware CnC Activity

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Blocklisted process makes network request

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Sets service image path in registry

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Loads dropped DLL

    • Modifies file permissions

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Sets desktop wallpaper using registry

MITRE ATT&CK Enterprise v6

Tasks