General
Target: 55926e8f3e48c5cc5a1e6279045a5ae39c26dcc79e84411d34f7b2158042a843.exe
Size: 66KB
Sample: 221228-sf6vjsdg3y
MD5: 8e09e25c6dd51a06b9383457a5ec4b1e
SHA1: bb04c8d83f8946c3e03386269b290fb338c07dae
SHA256: 55926e8f3e48c5cc5a1e6279045a5ae39c26dcc79e84411d34f7b2158042a843
SHA512: 5ff01b4a419f3e25b5b3b154b556dd847a33aff884e25fc2c827bdf7c2d10b77affb7908f46b7400c293470314984ad771303d6468c6909b86093af9fca0414b
SSDEEP: 1536:1zICS4AT6GxdEe+TOdincJXvKvWLBjklE:WR7auJXSOhCE
Behavioral task: behavioral1
Sample: 55926e8f3e48c5cc5a1e6279045a5ae39c26dcc79e84411d34f7b2158042a843.exe
Resource: win7-20221111-en
Behavioral task: behavioral2
Sample: 55926e8f3e48c5cc5a1e6279045a5ae39c26dcc79e84411d34f7b2158042a843.exe
Resource: win10v2004-20220812-en
Malware Config
Extracted
Family: blackmatter
Version: 1.2
Identifier (unlabelled in the report): bab21ee475b52c0c9eb47d23ec9ba1d1
C2 URLs:
https://paymenthacks.com
http://paymenthacks.com
https://mojobiden.com
http://mojobiden.com
Configuration flags:
attempt_auth: false
create_mutex: true
encrypt_network_shares: true
exfiltrate: true
mount_volumes: true
Extracted (ransom note)
Path: C:\mbNfo6Nfs.README.txt
Family: blackmatter
Tor URL: http://supp24yy6a66hwszu2piygicgwzdtbwftb76htfj7vnip3getgqnzxid.onion/GDBJS76DH3D4IKQD2QO7R
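The configuration above is most useful once it is turned into indicators that can be matched against your own telemetry. The following is an added example (not part of the sandbox report and not the sample's code) that collapses the C2 URLs to hostnames, derives the encrypted-file extension from the ransom-note name (BlackMatter names its note `<ext>.README.txt` and appends `.<ext>` to encrypted files), and matches the hostnames against DNS log lines. The log format and the log lines are constructed for the example; the Tor hostname is kept as an indicator but will not show up in DNS logs because .onion names resolve only inside Tor.

```python
"""Indicators derived from the extracted BlackMatter config (added example)."""
import re
from urllib.parse import urlparse

# Values copied from the sandbox report above.
C2_URLS = [
    "https://paymenthacks.com",
    "http://paymenthacks.com",
    "https://mojobiden.com",
    "http://mojobiden.com",
]
ONION_URL = ("http://supp24yy6a66hwszu2piygicgwzdtbwftb76htfj7vnip3getgqnzxid"
             ".onion/GDBJS76DH3D4IKQD2QO7R")
RANSOM_NOTE = r"C:\mbNfo6Nfs.README.txt"

# BlackMatter note name: nine alphanumeric characters, then ".README.txt".
NOTE_RE = re.compile(r"^(?P<ext>[A-Za-z0-9]{9})\.README\.txt$")

# Constructed DNS log lines (not from the report); line 4 is a near-miss that
# must not match, line 3 is a subdomain that must.
SAMPLE_DNS_LOG = [
    "2022-12-28T10:01:02Z client=10.0.0.15 query=paymenthacks.com type=A",
    "2022-12-28T10:01:03Z client=10.0.0.15 query=update.microsoft.com type=A",
    "2022-12-28T10:01:07Z client=10.0.0.22 query=api.mojobiden.com type=A",
    "2022-12-28T10:01:09Z client=10.0.0.22 query=notpaymenthacks.com type=A",
]


def c2_hosts(urls):
    """Collapse http/https variants of the same host into one lower-case hostname each."""
    hosts = {urlparse(u).hostname for u in urls}
    return sorted(h.lower() for h in hosts if h)


def extension_from_note(path):
    """Return the extension appended to encrypted files, e.g. '.mbNfo6Nfs', or None."""
    name = path.replace("\\", "/").rsplit("/", 1)[-1]
    m = NOTE_RE.match(name)
    return "." + m.group("ext") if m else None


def indicators():
    """Bundle the report's network and host indicators for a blocklist or a hunt."""
    return {
        "c2_hosts": c2_hosts(C2_URLS),
        "tor_host": urlparse(ONION_URL).hostname,  # resolvable only inside Tor
        "ransom_note_name": RANSOM_NOTE.rsplit("\\", 1)[-1],
        "encrypted_file_extension": extension_from_note(RANSOM_NOTE),
    }


def match_dns_logs(lines, hosts):
    """Return (line_number, host) for every line whose queried name is a C2 host
    or a subdomain of one. The pattern requires the host to start after
    whitespace or '=' and to end at whitespace, ':' or '/', so that a name such
    as notpaymenthacks.com does not match paymenthacks.com."""
    hits = []
    for n, line in enumerate(lines, 1):
        for h in hosts:
            pattern = r"(?:^|[\s=])(?:[\w-]+\.)*" + re.escape(h) + r"(?=[\s:/]|$)"
            if re.search(pattern, line, re.IGNORECASE):
                hits.append((n, h))
    return hits


if __name__ == "__main__":
    print(indicators())
    print(match_dns_logs(SAMPLE_DNS_LOG, c2_hosts(C2_URLS)))
```

Feed `match_dns_logs` your resolver or proxy logs one line at a time; the extension returned by `extension_from_note` is what to search for on file shares, since the config above has encrypt_network_shares set to true.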
Targets
Target: 55926e8f3e48c5cc5a1e6279045a5ae39c26dcc79e84411d34f7b2158042a843.exe (size and hashes identical to those listed under General)
Score: 10/10
BlackMatter Ransomware
The BlackMatter ransomware group claims to be the successor to DarkSide and REvil.
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files. Here the ransom-note name mbNfo6Nfs.README.txt indicates that encrypted files receive the .mbNfo6Nfs extension, since BlackMatter names the note after the extension it appends.
Sets desktop wallpaper using registry
The sample writes a wallpaper path into the registry (typically the Wallpaper value under HKCU\Control Panel\Desktop) to display the ransom demand on the desktop.
Suspicious use of NtSetInformationThreadHideFromDebugger
The sample calls NtSetInformationThread with ThreadHideFromDebugger (information class 0x11). A thread marked this way stops delivering debug events, so an attached debugger loses visibility into it; this is an anti-analysis technique with no legitimate purpose in a normal application.
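The three behavioral signatures above are derived from the API calls the sandbox records. As an added example (not the sandbox's own signature engine and not code from the sample), the block below re-derives each signature from an API-call trace: a rename that appends the same new extension to several files under \Users, a RegSetValueEx on the Wallpaper value of Control Panel\Desktop, and an NtSetInformationThread call with information class 0x11. The trace format and the trace itself are constructed for the example; real sandbox traces carry the same information under different field names.

```python
"""Re-derive the page's behavioral signatures from an API-call trace (added example)."""
from collections import Counter

THREAD_HIDE_FROM_DEBUGGER = 0x11  # ThreadInformationClass value for ThreadHideFromDebugger

# Constructed trace, in call order: (api name, arguments). Not from the report.
TRACE = [
    ("NtSetInformationThread", {"ThreadHandle": "0xfffffffe",
                                "ThreadInformationClass": 0x11}),
    ("CreateMutexW", {"Name": "Global\\example-mutex"}),
    # Benign rename (Word save-as pattern): new name is not old name + '.<ext>'.
    ("MoveFileExW", {"lpExistingFileName": r"C:\Users\victim\AppData\Local\Temp\~WRD0001.tmp",
                     "lpNewFileName": r"C:\Users\victim\Documents\report.docx"}),
    ("MoveFileExW", {"lpExistingFileName": r"C:\Users\victim\Documents\report.docx",
                     "lpNewFileName": r"C:\Users\victim\Documents\report.docx.mbNfo6Nfs"}),
    ("MoveFileExW", {"lpExistingFileName": r"C:\Users\victim\Documents\budget.xlsx",
                     "lpNewFileName": r"C:\Users\victim\Documents\budget.xlsx.mbNfo6Nfs"}),
    ("NtWriteFile", {"FileName": r"C:\Users\victim\Documents\mbNfo6Nfs.README.txt"}),
    ("RegSetValueExW", {"Key": r"HKCU\Control Panel\Desktop", "Value": "Wallpaper",
                        "Data": r"C:\ProgramData\mbNfo6Nfs.bmp"}),
]


def hides_from_debugger(trace):
    """True if any NtSetInformationThread call uses ThreadHideFromDebugger (0x11)."""
    return any(api == "NtSetInformationThread"
               and args.get("ThreadInformationClass") == THREAD_HIDE_FROM_DEBUGGER
               for api, args in trace)


def sets_wallpaper(trace):
    r"""Return the path written to HKCU\Control Panel\Desktop\Wallpaper, or None."""
    for api, args in trace:
        if (api in ("RegSetValueExW", "RegSetValueExA")
                and args.get("Key", "").lower().endswith(r"control panel\desktop")
                and args.get("Value", "").lower() == "wallpaper"):
            return args.get("Data")
    return None


def added_extensions(trace):
    """Count, per appended extension, renames of files under \\Users where the
    new name is exactly the old name plus '.<ext>'."""
    counts = Counter()
    for api, args in trace:
        if api not in ("MoveFileExW", "MoveFileW"):
            continue
        old = args.get("lpExistingFileName", "")
        new = args.get("lpNewFileName", "")
        if "\\users\\" in old.lower() and new.lower().startswith(old.lower() + "."):
            counts["." + new[len(old) + 1:]] += 1
    return dict(counts)


def evaluate(trace, min_renamed=2):
    """Map each signature name from the report to whether the trace triggers it.
    min_renamed is a threshold chosen for this example to avoid firing on a
    single rename."""
    exts = added_extensions(trace)
    return {
        "Modifies extensions of user files": any(n >= min_renamed for n in exts.values()),
        "Sets desktop wallpaper using registry": sets_wallpaper(trace) is not None,
        "Suspicious use of NtSetInformationThreadHideFromDebugger": hides_from_debugger(trace),
    }


if __name__ == "__main__":
    for name, hit in evaluate(TRACE).items():
        print(f"{'HIT ' if hit else 'miss'} {name}")
    print("extensions appended:", added_extensions(TRACE))
```

The extension counter is the useful output during incident response: the single most common appended extension across renames is the one to search for on every host and share, and it should agree with the prefix of the ransom-note name.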