General
-
Target
42f07bec4edcba04adac1d944f5ec131628565da831fccbfcd42292ea520a620
-
Size
1.2MB
-
Sample
220201-kjw6hsbehk
-
MD5
268360527625d09e747d9f7ab1f84da5
-
SHA1
09772eb89c9743d3a6d7b2709c76e9740aa4c4b1
-
SHA256
42f07bec4edcba04adac1d944f5ec131628565da831fccbfcd42292ea520a620
-
SHA512
07fba0c06040fe4ef5f812a52d639bdea6cbe5bf7ff4560403ad12955e6b1ff2b4615361ac4533696a6c5e12d36fb2d2e0df3da2927f6b45f154f0a4e83315e1
Malware Config
Extracted
http://myexternalip.com/raw
Targets
-
-
Target
42f07bec4edcba04adac1d944f5ec131628565da831fccbfcd42292ea520a620
-
Size
1.2MB
-
MD5
268360527625d09e747d9f7ab1f84da5
-
SHA1
09772eb89c9743d3a6d7b2709c76e9740aa4c4b1
-
SHA256
42f07bec4edcba04adac1d944f5ec131628565da831fccbfcd42292ea520a620
-
SHA512
07fba0c06040fe4ef5f812a52d639bdea6cbe5bf7ff4560403ad12955e6b1ff2b4615361ac4533696a6c5e12d36fb2d2e0df3da2927f6b45f154f0a4e83315e1
Score10/10-
Matrix Ransomware
Targeted ransomware with information collection and encryption functionality.
-
suricata: ET MALWARE MSIL/Matrix Ransomware CnC Activity
suricata: ET MALWARE MSIL/Matrix Ransomware CnC Activity
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Blocklisted process makes network request
-
Drops file in Drivers directory
-
Executes dropped EXE
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Sets service image path in registry
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Loads dropped DLL
-
Modifies file permissions
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops desktop.ini file(s)
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Sets desktop wallpaper using registry
-