General

  • Target

    3f328e68ed4d59973f9c5b4f36545ab0

  • Size

    2.0MB

  • Sample

    240103-2g4w1sbgej

  • MD5

    3f328e68ed4d59973f9c5b4f36545ab0

  • SHA1

    f2724c0abb93b6a1d3f6fcb59b88c2aebbd76031

  • SHA256

    1247a68b960aa81b7517c614c12c8b5d1921d1d2fdf17be636079ad94caf970f

  • SHA512

    905834e82f0144db00dcb49078792beb7c595dd0fca1937aace49be430919f6a43b84f239c46f9e9bd5e494c49eb5f4e3c18ad494eb311c44e5704e715a0d10d

  • SSDEEP

    49152:k5Wy/20shMXR8uUz9cBbLc/6LCM01iNFFB9nO:k5Wy//sO8uDq6

Malware Config

Extracted
  Family: blackmatter
  Version: 1.6.0.2
  rsa_pubkey.plain

Extracted
  Path: /var/log/ReadMe.txt

Ransom Note

[BlackMatter ASCII-art banner]

>>> What happens?
Your linux hosts are encrypted, and currently not operational. We need only money, after payment we will give you a decryptor for the entire network and you will restore all the data.

>>> What guarantees?
We are not a politically motivated group and we do not need anything other than your money. If you pay, we will provide you the programs for decryption and we will delete your data. If we do not give you decrypters or we do not delete your data, no one will pay us in the future, this does not comply with our goals. We always keep our promises.

>> How to contact with us?
1. Download and install TOR Browser (https://www.torproject.org/).
2. Open http://supp24yy6a66hwszu2piygicgwzdtbwftb76htfj7vnip3getgqnzxid.onion/7NT6LXKC1XQHW5039BLOV

>> Warning! Recovery recommendations.
Do not DELETE or MODIFY any files, it can lead to recovery problems!
URLs

http://supp24yy6a66hwszu2piygicgwzdtbwftb76htfj7vnip3getgqnzxid.onion/7NT6LXKC1XQHW5039BLOV

Targets


    Score: 10/10
    • Deletes itself

    • Deletes log files

      Deletes log files on the system.

    • Reads CPU attributes

MITRE ATT&CK Matrix (ATT&CK v13)

Defense Evasion
  Indicator Removal (1): T1070

Discovery
  System Information Discovery (1): T1082
