Overview
General
Target: 22d7d67c3af10b1a37f277ebabe2d1eb4fd25afbd6437d4377400e148bcc08d6.zip (the submitted archive; the hashes below are the archive's, the contained executable is described under Targets)
Size: 38KB
Sample: 220727-hahknaeff3
MD5: 286ca2c13c495df13d3b82474734352b
SHA1: 12c98b130565cfd7d26e59b21467f6a161cc7521
SHA256: 3ed7c84e02085f4a019e047a4bcae4ac3c1b002f08bc7b22a4db3e4c948d9538
SHA512: 0d96f9fa26e23c89ca56d95cb107d0b09036c34f54315d96fd455ed0aeedb2b1e3cb1eebbf3c640ffbdea8cff244d465d35d8304b83c46044ee92a9884c4df78
Behavioral tasks (all ten run the same sample, 22d7d67c3af10b1a37f277ebabe2d1eb4fd25afbd6437d4377400e148bcc08d6.exe)
- behavioral1: win7-20220718-en
- behavioral2: win10v2004-20220721-en
- behavioral3: android-x86-arm-20220621-en
- behavioral4: android-x64-20220621-en
- behavioral5: android-x64-arm64-20220621-en
- behavioral6: macos-20220504-en
- behavioral7: ubuntu1804-amd64-en-20211208
- behavioral8: debian9-armhf-en-20211208
- behavioral9: debian9-mipsbe-en-20211208
- behavioral10: debian9-mipsel-en-20211208
Malware Config
Extracted from the sample: blackmatter, version 1.2, 512478c08dada2af19e49808fbda5b0b
Credentials in the config:
- Username: [email protected], Password: 120Heisler
- Username: [email protected], Password: Tesla2019
- Username: [email protected], Password: iteam8**
C2 URLs:
- https://paymenthacks.com
- http://paymenthacks.com
- https://mojobiden.com
- http://mojobiden.com
Config flags:
- attempt_auth: true
- create_mutex: true
- encrypt_network_shares: true
- exfiltrate: true
- mount_volumes: true
Extracted from the dropped ransom note C:\iGJgzMxgY.README.txt: blackmatter, victim portal http://supp24yy6a66hwszu2piygicgwzdtbwftb76htfj7vnip3getgqnzxid.onion/7NT6LXKC1XQHW5039BLOV
Targets
Target: 22d7d67c3af10b1a37f277ebabe2d1eb4fd25afbd6437d4377400e148bcc08d6.exe
Size: 67KB
MD5: 598c53bfef81e489375f09792e487f1a
SHA1: 80a29bd2c349a8588edf42653ed739054f9a10f5
SHA256: 22d7d67c3af10b1a37f277ebabe2d1eb4fd25afbd6437d4377400e148bcc08d6
SHA512: 6a82ad5009588d2fa343bef8d9d2a02e2e76eec14979487a929a96a6b6965e82265a69ef8dd29a01927e9713468de3aedd7b5ee5e79839a1a50649855a160c35
Score: 10/10
Signatures:
- BlackMatter Ransomware: the BlackMatter ransomware group claims to be the successor of DarkSide and REvil.
- Modifies extensions of user files: ransomware generally changes the extension on encrypted files.
- Sets desktop wallpaper using registry (the Wallpaper value under HKCU\Control Panel\Desktop is the usual write target).
- Suspicious use of NtSetInformationThreadHideFromDebugger: calling NtSetInformationThread with the ThreadHideFromDebugger information class stops debug events from that thread reaching an attached debugger, a common anti-analysis trick.
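As an added example (not part of the sandbox report and not the sandbox's own signature code), the Python below reimplements the three behavioral signatures listed above as rules over a constructed event trace, so the logic behind each verdict is visible. The event schema (api/info_class, file_rename src/dst, registry_set key/value/data, file_write path), the appended extension .iGJgzMxgY and every record in SAMPLE_EVENTS are assumptions; the extension was chosen only to match the ransom note name C:\iGJgzMxgY.README.txt from the extracted config, and a real trace would have to be mapped into this shape first.

```python
"""Rule-based triage of a sandbox event trace.

Added example for the report above, not the sandbox's own signature code.
Implements the three behavioral signatures the report lists for this
BlackMatter sample as rules over a list of event dicts. The event schema and
the sample records are constructed; they are not the sandbox's real output.
"""
from collections import Counter

# Constructed trace resembling what a sandbox logs for a ransomware run.
# The appended extension ".iGJgzMxgY" is an assumption chosen to match the
# ransom note name C:\iGJgzMxgY.README.txt from the extracted config.
SAMPLE_EVENTS = [
    {"type": "api", "api": "NtSetInformationThread",
     "info_class": "ThreadHideFromDebugger"},
    {"type": "file_rename", "src": r"C:\Users\user\Documents\q1.xlsx",
     "dst": r"C:\Users\user\Documents\q1.xlsx.iGJgzMxgY"},
    {"type": "file_rename", "src": r"C:\Users\user\Documents\notes.docx",
     "dst": r"C:\Users\user\Documents\notes.docx.iGJgzMxgY"},
    {"type": "file_rename", "src": r"C:\Users\user\Pictures\cat.jpg",
     "dst": r"C:\Users\user\Pictures\cat.jpg.iGJgzMxgY"},
    {"type": "file_rename", "src": r"C:\Users\user\Desktop\todo.txt",
     "dst": r"C:\Users\user\Desktop\todo.txt.iGJgzMxgY"},
    {"type": "file_rename", "src": r"C:\Users\user\Downloads\setup.msi",
     "dst": r"C:\Users\user\Downloads\setup.msi.iGJgzMxgY"},
    # Benign save-as rename: extension replaced, not appended. Must not count.
    {"type": "file_rename", "src": r"C:\Users\user\AppData\Local\Temp\report.tmp",
     "dst": r"C:\Users\user\AppData\Local\Temp\report.docx"},
    {"type": "file_write", "path": r"C:\iGJgzMxgY.README.txt"},
    {"type": "registry_set", "key": r"HKEY_CURRENT_USER\Control Panel\Desktop",
     "value": "Wallpaper", "data": r"C:\ProgramData\iGJgzMxgY.bmp"},
]

USER_PROFILE_PREFIX = "c:\\users\\"


def detect_hide_from_debugger(events):
    """True if a thread was hidden from the debugger via NtSetInformationThread."""
    return any(e["type"] == "api"
               and e["api"] == "NtSetInformationThread"
               and e.get("info_class") == "ThreadHideFromDebugger"
               for e in events)


def detect_wallpaper_change(events):
    """Paths written to the Wallpaper value under HKCU\\Control Panel\\Desktop."""
    return [e["data"] for e in events
            if e["type"] == "registry_set"
            and e["key"].lower().endswith("\\control panel\\desktop")
            and e["value"].lower() == "wallpaper"]


def appended_extension(src, dst):
    """Return the extension appended to src (a.xlsx -> a.xlsx.abc gives '.abc'),
    or None when the rename replaced the extension or changed the name."""
    if dst.startswith(src + ".") and "." not in dst[len(src) + 1:]:
        return dst[len(src):]
    return None


def detect_mass_extension_change(events, threshold=5):
    """Dominant extension appended to user-profile files as (ext, count),
    or None when fewer than `threshold` files were renamed that way."""
    counts = Counter()
    for e in events:
        if e["type"] != "file_rename":
            continue
        if not e["src"].lower().startswith(USER_PROFILE_PREFIX):
            continue
        ext = appended_extension(e["src"], e["dst"])
        if ext:
            counts[ext] += 1
    if not counts:
        return None
    ext, n = counts.most_common(1)[0]
    return (ext, n) if n >= threshold else None


def ransom_note_candidates(events, ext):
    """Files written whose name is <ext>.README.txt, the naming used by the
    note in the report (C:\\iGJgzMxgY.README.txt)."""
    wanted = ext.lstrip(".").lower() + ".readme.txt"
    return [e["path"] for e in events
            if e["type"] == "file_write"
            and e["path"].rsplit("\\", 1)[-1].lower() == wanted]


def triage(events, threshold=5):
    """Signature names, in the report's wording, that fire on the trace."""
    hits = []
    if detect_mass_extension_change(events, threshold):
        hits.append("Modifies extensions of user files")
    if detect_wallpaper_change(events):
        hits.append("Sets desktop wallpaper using registry")
    if detect_hide_from_debugger(events):
        hits.append("Suspicious use of NtSetInformationThreadHideFromDebugger")
    return hits


if __name__ == "__main__":
    for name in triage(SAMPLE_EVENTS):
        print("signature:", name)
    mass = detect_mass_extension_change(SAMPLE_EVENTS)
    if mass:
        print("appended extension %s on %d files" % mass)
        print("ransom notes:", ransom_note_candidates(SAMPLE_EVENTS, mass[0]))
```

The extension rule counts only renames that append a new suffix to a file under the user profile and requires a minimum number of them, so a single save-as rename (report.tmp to report.docx in the constructed trace) does not trip it; the ransom note check reuses the extension the rename rule found, mirroring how the note name in the extracted config shares its stem with the encrypted-file suffix.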