General

  • Target

    2a2a6e1e2b87e418cb5c601b53e18b1f2c2c5152e2dc3595f06a694c43834c21

  • Size

    2.6MB

  • Sample

    220306-bj4qxshga2

  • MD5

    5cd0f0314c70799026ac841652a7ee07

  • SHA1

    f5420dc1b2f29e91c24345d02e190374ff3f3480

  • SHA256

    2a2a6e1e2b87e418cb5c601b53e18b1f2c2c5152e2dc3595f06a694c43834c21

  • SHA512

    f98809bd7166dd0284b8b40dee27d8ab1b284d609a124414c44a6624d2a6c1df0379721db896288b7f64170c02b5834ab4ee23866a66454522dee342096b4316

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs

    ps1.dropper

    http://myexternalip.com/raw

Targets

    • Target

      2a2a6e1e2b87e418cb5c601b53e18b1f2c2c5152e2dc3595f06a694c43834c21

    • Size

      2.6MB

    • MD5

      5cd0f0314c70799026ac841652a7ee07

    • SHA1

      f5420dc1b2f29e91c24345d02e190374ff3f3480

    • SHA256

      2a2a6e1e2b87e418cb5c601b53e18b1f2c2c5152e2dc3595f06a694c43834c21

    • SHA512

      f98809bd7166dd0284b8b40dee27d8ab1b284d609a124414c44a6624d2a6c1df0379721db896288b7f64170c02b5834ab4ee23866a66454522dee342096b4316

    • Matrix Ransomware

      Targeted ransomware with information collection and encryption functionality.

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Modifies boot configuration data using bcdedit

    • Blocklisted process makes network request

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Sets service image path in registry

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Modifies file permissions

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops file in System32 directory

    • Sets desktop wallpaper using registry
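
The behaviours listed above (shadow-copy deletion, bcdedit tampering, external-IP lookup via myexternalip.com) are the ones a SOC would want to match on process-creation and network telemetry. The following detection pass is an added example and is not part of the sandbox report. The log events are constructed for the example, and the command-line patterns are the commonly observed forms of these techniques, not the command lines executed by this sample, which the report does not list.

```python
"""Rule-based detection over constructed process-creation and network events
for the behaviours named in this report. Added example, not report content."""
import re
from urllib.parse import urlparse

# Constructed sample events, shaped like a process-creation log (Sysmon 1 /
# Security 4688). None of these lines were taken from the analysed sample.
SAMPLE_PROCESS_EVENTS = [
    {"pid": 4120, "image": r"C:\Windows\System32\vssadmin.exe",
     "cmdline": "vssadmin.exe delete shadows /all /quiet"},
    {"pid": 4132, "image": r"C:\Windows\System32\wbem\WMIC.exe",
     "cmdline": "wmic shadowcopy delete"},
    {"pid": 4140, "image": r"C:\Windows\System32\bcdedit.exe",
     "cmdline": "bcdedit /set {default} recoveryenabled No"},
    {"pid": 4141, "image": r"C:\Windows\System32\bcdedit.exe",
     "cmdline": "bcdedit /set {default} bootstatuspolicy ignoreallfailures"},
    {"pid": 4150, "image": r"C:\Windows\System32\notepad.exe",
     "cmdline": "notepad.exe C:\\Users\\victim\\notes.txt"},      # benign
    {"pid": 4160, "image": r"C:\Windows\System32\bcdedit.exe",
     "cmdline": "bcdedit /enum"},                                  # benign read
]

# Constructed network events (pid, requested URL). The first URL is the one
# extracted from this sample's ps1 dropper config.
SAMPLE_NETWORK_EVENTS = [
    {"pid": 4170, "url": "http://myexternalip.com/raw"},
    {"pid": 4180, "url": "https://www.microsoft.com/"},
]

# Command-line rules: (rule name, case-insensitive regex). Read-only uses such
# as "bcdedit /enum" or "vssadmin list shadows" deliberately do not match.
PROCESS_RULES = [
    ("shadow_copy_deletion",
     re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows", re.I)),
    ("shadow_copy_deletion",
     re.compile(r"wmic(\.exe)?\s+shadowcopy\s+delete", re.I)),
    ("bcdedit_recovery_tamper",
     re.compile(r"bcdedit(\.exe)?\s+/set\b.*\brecoveryenabled\s+no\b", re.I)),
    ("bcdedit_recovery_tamper",
     re.compile(r"bcdedit(\.exe)?\s+/set\b.*\bbootstatuspolicy\s+ignoreallfailures\b", re.I)),
]

# Hosts used purely to discover the victim's public IP. Only the host from this
# report is listed; extend with others your environment sees.
EXTERNAL_IP_HOSTS = {"myexternalip.com"}


def detect_process_events(events):
    """Return [(pid, rule_name)] for every event whose command line matches."""
    hits = []
    for ev in events:
        for name, pattern in PROCESS_RULES:
            if pattern.search(ev["cmdline"]):
                hits.append((ev["pid"], name))
                break  # one rule per event is enough for triage
    return hits


def detect_network_events(events):
    """Return [(pid, 'external_ip_lookup')] for requests to IP-lookup hosts."""
    hits = []
    for ev in events:
        host = (urlparse(ev["url"]).hostname or "").lower()
        if host in EXTERNAL_IP_HOSTS:
            hits.append((ev["pid"], "external_ip_lookup"))
    return hits


def triage(process_events, network_events):
    """Combine hits; flag the host as ransomware-like when both inhibit-recovery
    behaviours (shadow copies and boot recovery) are present together."""
    hits = detect_process_events(process_events) + detect_network_events(network_events)
    rules = sorted({name for _, name in hits})
    inhibit_recovery = {"shadow_copy_deletion", "bcdedit_recovery_tamper"}
    return {"hits": hits, "rules": rules,
            "ransomware_like": inhibit_recovery <= set(rules)}


if __name__ == "__main__":
    for key, value in triage(SAMPLE_PROCESS_EVENTS, SAMPLE_NETWORK_EVENTS).items():
        print(f"{key}: {value}")
```

A single shadow-copy deletion is not conclusive on its own, since backup agents and administrators issue it legitimately; the combination with bcdedit disabling Windows recovery, seen within the same process tree, is what makes the pattern ransomware-specific, so correlate on parent process and time window before alerting.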

MITRE ATT&CK Enterprise v6

Tasks