General
-
Target
67144b2940e08c635cdb9d38298b79027d604365de4947909d89d48a0694e74a
-
Size
1.2MB
-
Sample
221228-w8vjrsec2v
-
MD5
c50c17057fc6ea67bc579196f1f73712
-
SHA1
44495db58fa7c94db840a3f696c8f546a5fce2d1
-
SHA256
67144b2940e08c635cdb9d38298b79027d604365de4947909d89d48a0694e74a
-
SHA512
7c5eb6317b0a51ae93302adb223d6163a5c771d5b1d8d77462c2463c37f32e0f7f957526a36e39ae5272687e4ebe2faf2d02e68601bc87afc95fc9d7145538aa
-
SSDEEP
24576:pxsxl/OOeI7RC4CJR5ez+IlnRJE5rABxPJhPPT/q:8fjRERAhPPzq
Static task
static1
Behavioral task
behavioral1
Sample
67144b2940e08c635cdb9d38298b79027d604365de4947909d89d48a0694e74a.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
67144b2940e08c635cdb9d38298b79027d604365de4947909d89d48a0694e74a.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
http://myexternalip.com/raw
Targets
-
-
Target
67144b2940e08c635cdb9d38298b79027d604365de4947909d89d48a0694e74a
-
Size
1.2MB
-
MD5
c50c17057fc6ea67bc579196f1f73712
-
SHA1
44495db58fa7c94db840a3f696c8f546a5fce2d1
-
SHA256
67144b2940e08c635cdb9d38298b79027d604365de4947909d89d48a0694e74a
-
SHA512
7c5eb6317b0a51ae93302adb223d6163a5c771d5b1d8d77462c2463c37f32e0f7f957526a36e39ae5272687e4ebe2faf2d02e68601bc87afc95fc9d7145538aa
-
SSDEEP
24576:pxsxl/OOeI7RC4CJR5ez+IlnRJE5rABxPJhPPT/q:8fjRERAhPPzq
-
Matrix Ransomware
Targeted ransomware with information collection and encryption functionality.
-
Modifies boot configuration data using bcdedit
-
Blocklisted process makes network request
-
Drops file in Drivers directory
-
Executes dropped EXE
-
Sets service image path in registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Modifies file permissions
-
Drops desktop.ini file(s)
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Sets desktop wallpaper using registry
-