Extracted

Extracted

• • Target

    3317daace715dc332622d883091cf68b

  • Size

    72KB

  • MD5

    3317daace715dc332622d883091cf68b

  • SHA1

    02fa74523198ebc1db490bdc6f10a78a44c4e28b

  • SHA256

    e4fd947a781611c85ea2e5afa51b186de7f351026c28eb067ad70028acd72cda

  • SHA512

    2739769ddd079b6555ebb84204f46bf94317ef5351734bd2aad74b1ad53738f92e3e278ea74b22f9b17db2219e01c963e694e6e1aec52a6089eaba394ef331b2

  • SSDEEP

    1536:BICS4AgxwhjEO3r825exqkHYnKeGsXqsMt:q2SN3mxYnKr

  Score

  10^/10

  blackmatterransomware

  • BlackMatter Ransomware

    BlackMatter ransomware group claims to be Darkside and REvil succesor.

    ransomwareblackmatter

  • Renames multiple (182) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • Sets desktop wallpaper using registry

    ransomware

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2