blackmatter | 51cb81ec805a5fe9f67ab14cee4703ca83840285cc81d50761b18092bed8745f

General

Target

51cb81ec805a5fe9f67ab14cee4703ca83840285cc81d50761b18092bed8745f.exe
Size

34KB
Sample

221228-sfkx3sdg3w
MD5

76c242bdf600d151aceb5c09b81ed447
SHA1

f45d598dc49acc4271d38895363fe3cf1d390a54
SHA256

51cb81ec805a5fe9f67ab14cee4703ca83840285cc81d50761b18092bed8745f
SHA512

35eb33b57f5ef16976b39c6dc5c7868495693f43cd7758cb7070d9dc3fdc9ac65d6fe0d828c6c974f5caf8f908b289e0b1ba8a0f58d176f9ae83356915934183
SSDEEP

768:EegeEbf2rriFVI1kggGVtSMC2F7QGIFFBMterI6ywBuO1NJ:uE+VYVYMC2F7AoterI6yR2r

Score

10^/10

Malware Config

Extracted

Family

blackmatter

Version

1.2

Extracted

Path

C:\ZTyZBweZP.README.txt

Family

blackmatter

Ransom Note

~+ * + ' BLACK | () .-.,='``'=. - o - '=/_ \ | * | '=._ | \ `=./`, ' . '=.__.=' `=' * + Matter + O * ' . >>> What happens? Your network is encrypted, and currently not operational. We need only money, after payment we will give you a decryptor for the entire network and you will restore all the data. >>> What guarantees? We are not a politically motivated group and we do not need anything other than your money. If you pay, we will provide you the programs for decryption and we will delete your data. If we do not give you decrypters or we do not delete your data, no one will pay us in the future, this does not comply with our goals. We always keep our promises. >>> How to contact with us? 1. Download and install TOR Browser (https://www.torproject.org/). 2. Open http://supp24yy6a66hwszu2piygicgwzdtbwftb76htfj7vnip3getgqnzxid.onion/GDBJS76DH3D4IKQD2QO7R. >>> Warning! Recovery recommendations. We strongly recommend you to do not MODIFY or REPAIR your files, that will damage them.

URLs

http://supp24yy6a66hwszu2piygicgwzdtbwftb76htfj7vnip3getgqnzxid.onion/GDBJS76DH3D4IKQD2QO7R

Targets

- Target
  
  51cb81ec805a5fe9f67ab14cee4703ca83840285cc81d50761b18092bed8745f.exe
- Size
  
  34KB
- MD5
  
  76c242bdf600d151aceb5c09b81ed447
- SHA1
  
  f45d598dc49acc4271d38895363fe3cf1d390a54
- SHA256
  
  51cb81ec805a5fe9f67ab14cee4703ca83840285cc81d50761b18092bed8745f
- SHA512
  
  35eb33b57f5ef16976b39c6dc5c7868495693f43cd7758cb7070d9dc3fdc9ac65d6fe0d828c6c974f5caf8f908b289e0b1ba8a0f58d176f9ae83356915934183
- SSDEEP
  
  768:EegeEbf2rriFVI1kggGVtSMC2F7QGIFFBMterI6ywBuO1NJ:uE+VYVYMC2F7AoterI6yR2r
Score

10^/10

blackmatter ransomware upx
- BlackMatter Ransomware
  BlackMatter ransomware group claims to be Darkside and REvil succesor.
  ransomware blackmatter
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Sets desktop wallpaper using registry
  ransomware
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

1

T1491

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

BlackMatter Ransomware

Modifies extensions of user files

UPX packed file

Sets desktop wallpaper using registry

Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2