Extracted

• • Target

    72c5665c4372dc234d6bc68d0b54987e38b294f0581170409be572dab14d8ff5

  • Size

    2.6MB

  • MD5

    1f987de3da76b532d5eb4dc0a8e07edc

  • SHA1

    2002718bb7d81d6661892c6f2631df27eac89f61

  • SHA256

    72c5665c4372dc234d6bc68d0b54987e38b294f0581170409be572dab14d8ff5

  • SHA512

    7db16f026aee59ff24e30e7e4ce9a0c7a0d6575b5dc1e7907169fd0fe53a5576deb21e16e7a88d053fe6ea6cec035458539e180e4caac6b46f5e612ce4486310

  Score

  10^/10

  matrixdiscoveryevasionpersistenceransomwaresuricataupx

  • Matrix Ransomware

    Targeted ransomware with information collection and encryption functionality.

    ransomwarematrix

  • suricata: ET MALWARE MSIL/Matrix Ransomware CnC Activity

    suricata: ET MALWARE MSIL/Matrix Ransomware CnC Activity

    suricata

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomware

  • Modifies boot configuration data using bcdedit

    ransomwareevasion

  • Blocklisted process makes network request

  • Drops file in Drivers directory

  • Executes dropped EXE

  • Modifies extensions of user files

    Ransomware generally changes the extension on encrypted files.

    ransomware

  • Sets service image path in registry

    persistence

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL

  • Modifies file permissions

    discovery

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Drops file in System32 directory

  • Sets desktop wallpaper using registry

    ransomware
  behavioral1behavioral2