General
-
Target
NoBit.patched.exe
-
Size
546KB
-
Sample
231103-ynbbhahe7x
-
MD5
5a5d6d6fade80634580e373be2c91924
-
SHA1
e2b08b0bacb84128af910735c8ce8903483d1e03
-
SHA256
669ba15b1fc970333c1ba980ba8ae143dbaacac92b4acb66df8d82a5c6fd6ba0
-
SHA512
4d418df5d3fe56717b8f0a45d0fcd0dafc6435abc7c547f715b4262639eee212ccf90f7943750a80d54f9149e0f7b660296b971e53128519d2441dba192727b7
-
SSDEEP
12288:oDQvjZR8N/3a4GY6bAYIV9MeOFv/glO0JhdBQqzma+v:WwR8dA2lO60oHcL
Malware Config
Targets
-
-
Target
NoBit.patched.exe
-
Size
546KB
-
MD5
5a5d6d6fade80634580e373be2c91924
-
SHA1
e2b08b0bacb84128af910735c8ce8903483d1e03
-
SHA256
669ba15b1fc970333c1ba980ba8ae143dbaacac92b4acb66df8d82a5c6fd6ba0
-
SHA512
4d418df5d3fe56717b8f0a45d0fcd0dafc6435abc7c547f715b4262639eee212ccf90f7943750a80d54f9149e0f7b660296b971e53128519d2441dba192727b7
-
SSDEEP
12288:oDQvjZR8N/3a4GY6bAYIV9MeOFv/glO0JhdBQqzma+v:WwR8dA2lO60oHcL
Score10/10-
Matrix Ransomware
Targeted ransomware with information collection and encryption functionality.
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Renames multiple (81) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Sets desktop wallpaper using registry
-