General
Target: 24e77cdf989fe275ee1a32971d9df69e_darkside_JC.exe
Size: 77KB
Sample: 230818-qck3kahf92
MD5: 24e77cdf989fe275ee1a32971d9df69e
SHA1: 707df9c69ba1e4c1c89eb2652b17dcb309de1a8a
SHA256: bc6a1e3bee0aadbdd1a7132bbd8a56ceb559a479a3f521a56738e146be999f96
SHA512: 96194b78e6ad96b54000fe0b5344f1e28bec05e7d6ba6235470b6fbd114e10a18152f20ac852d7fe3b1b49cc583df5f8a2cb950a9e6894ea4e991696a005a85e
SSDEEP: 1536:OnICS4ArFnRoHhcVyid9EZZoi+zQQaHYqf5O4QN:pZnmqVyq9EN+MvlZQ
Behavioral task: behavioral1
Sample: 24e77cdf989fe275ee1a32971d9df69e_darkside_JC.exe
Resource: win7-20230712-en

Behavioral task: behavioral2
Sample: 24e77cdf989fe275ee1a32971d9df69e_darkside_JC.exe
Resource: win10v2004-20230703-en
Malware Config

Extracted
Family: blackmatter
Version: 2.0
d58b3b69acc48f82eaa82076f97763d4
URLs:
https://mojobiden.com
http://mojobiden.com
https://nowautomation.com
http://nowautomation.com
Options:
attempt_auth: false
create_mutex: true
encrypt_network_shares: true
exfiltrate: true
mount_volumes: true

Extracted
Path: C:\ctFsubls0.README.txt
Family: blackmatter
URL: http://supp24yy6a66hwszu2piygicgwzdtbwftb76htfj7vnip3getgqnzxid.onion/O3KTUJZRE6CB4Q1OBR
Targets
Target: 24e77cdf989fe275ee1a32971d9df69e_darkside_JC.exe
Score: 10/10

BlackMatter Ransomware
BlackMatter ransomware group claims to be Darkside and REvil successor.

Renames multiple (152) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.

Renames multiple (167) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.

Sets desktop wallpaper using registry

Suspicious use of NtSetInformationThreadHideFromDebugger