Malware Analysis Report

2024-10-16 03:21

Sample ID  240103-2g4w1sbgej
Target     3f328e68ed4d59973f9c5b4f36545ab0
SHA256     1247a68b960aa81b7517c614c12c8b5d1921d1d2fdf17be636079ad94caf970f
Tags       blackmatter ransomware
Score      10/10

Table of Contents

Analysis Overview
MITRE ATT&CK
  Enterprise Matrix V15
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

Score         10/10
SHA256        1247a68b960aa81b7517c614c12c8b5d1921d1d2fdf17be636079ad94caf970f
Threat Level  Known bad

The file 3f328e68ed4d59973f9c5b4f36545ab0 was found to be: Known bad.

Malicious Activity Summary

blackmatter ransomware

Blackmatter family

Deletes itself

Deletes log files

Reads CPU attributes

Reads runtime system information

Writes file to tmp directory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported  2024-01-03 22:34

Signatures

Blackmatter family

blackmatter

Analysis: behavioral1

Detonation Overview

Submitted         2024-01-03 22:34
Reported          2024-01-03 22:37
Platform          ubuntu1804-amd64-20231215-en
Max time kernel   4s
Max time network  134s

Command Line

[/tmp/3f328e68ed4d59973f9c5b4f36545ab0]

Signatures

Deletes itself

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Deletes log files

Description | Indicator | Process | Target
File truncated | /var/log/installer/.2146BC677F078171EFD9E535210536618953D86C250F460A | N/A | N/A
File truncated | /var/log/installer/ReadMe.txt | N/A | N/A
File truncated | /var/log/.1BF5CC212DC7FB1A0EFC4B93CB0C38C0C67838D9DC2DF9EF | N/A | N/A
File truncated | /var/log/ReadMe.txt | N/A | N/A

Reads CPU attributes

Description | Indicator | Process | Target
File opened for reading | /sys/devices/system/cpu/online | N/A | N/A

Reads runtime system information

Description | Indicator | Process | Target
File opened for reading | /proc/sys/vm/overcommit_memory | N/A | N/A

Writes file to tmp directory

Description | Indicator | Process | Target
File opened for modification | /tmp/.DBFD055C-9CF2-4BB8-908E-6DA22321BF17 | /tmp/3f328e68ed4d59973f9c5b4f36545ab0 | N/A
File opened for modification | /tmp/daemon_1704317677.log | N/A | N/A

Processes

/tmp/3f328e68ed4d59973f9c5b4f36545ab0

[/tmp/3f328e68ed4d59973f9c5b4f36545ab0]

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | N/A | udp
US | 151.101.194.49:443 | N/A | tcp
US | 151.101.65.91:443 | N/A | tcp
GB | 195.181.164.14:443 | N/A | tcp
GB | 185.125.188.61:443 | N/A | tcp
US | 1.1.1.1:53 | cdn.fwupd.org | udp
US | 1.1.1.1:53 | cdn.fwupd.org | udp
GB | 185.125.188.61:443 | N/A | tcp
US | 151.101.194.49:443 | cdn.fwupd.org | tcp
US | 151.101.65.91:443 | N/A | tcp
US | 1.1.1.1:53 | 1527653184.rsc.cdn77.org | udp
US | 1.1.1.1:53 | 1527653184.rsc.cdn77.org | udp
GB | 195.181.164.16:443 | 1527653184.rsc.cdn77.org | tcp

Note: the report attributes none of these connections to the sample process. The mDNS multicast traffic (224.0.0.251:5353) and the lookups of cdn.fwupd.org, the fwupd firmware-update CDN, are consistent with the Ubuntu image's own background services, so treat them as platform noise rather than command-and-control unless a process-level capture says otherwise.

Files

/tmp/.DBFD055C-9CF2-4BB8-908E-6DA22321BF17

MD5 7e6c36cd0eca5da79a64e13d02409a4f
SHA1 c66c08510ceb67495b8965c5c0fb8f2382e871e3
SHA256 30d7dbf153c6a3ead496dcd474ec2264244e5abfa52bfa44462092d0096e20a0
SHA512 0eceb1e0abd905063e37826058e878f01b1835df4bc29382abe31250e8ce8b44a86882146af3d059c88e377e539b08a0dc4ed4573b17e16f68e1eee6f637f8c2

/tmp/daemon_1704317677.log

MD5 299c2fcb1715816db0e2e983671545a8
SHA1 c3aeeff831c27a3b114e924ce13a48b5fac7f990
SHA256 fef2bb94ecd3da208d5a923dd2790dddbffc8eb3f25d6c1fa930bbc5bb0e03d5
SHA512 c2457de3884a646135843a7da88cde4eedbf55159dbdca139d0bee1553e4038f404a6101ebbd524b3bcab0589d352dc09b0cc46ce9c14d50fbbefa2d326c176b

/var/log/ReadMe.txt

MD5 9574a2575d6b362db1f9b78443a1336a
SHA1 f0e842916eb0d0efeb02f75e7c0335598a388a9e
SHA256 b012ea545aa829708146300bb07fbe92614cc6ea0cfdecd8743eeb5692220d85
SHA512 3eec9a12e372c5b66d403929d430d7923adaac31b71ccc3dd0da8a9e86f3ef10e9886531160a97d0d3c3c1dd0a49d248497f6210edac84670210a8c303adb959

/var/log/.1BF5CC212DC7FB1A0EFC4B93CB0C38C0C67838D9DC2DF9EF

MD5 c36ce3660ba8c23b8a3d5ec03bf8dde1
SHA1 323071155acd3c8c20b609fd585e6d6577aeb36b
SHA256 5a091703fed4af6f2a40da6d4b1a34e60ca2234dcc951ef7aef5fdde9ca95db7
SHA512 3c3d7ea4eee2d1e8609bd482e18004d1a07cb143a3978bee067802a390b46b95a18bb76ff08120b24200bbe1bd3dde00d908fed3b33cd42c2e934665f7220c0c

/var/log/installer/.2146BC677F078171EFD9E535210536618953D86C250F460A

MD5 fbee03e0a21ac127b2d22007811a315e
SHA1 d116820314bf6de1358a66bfa2d60d893f862ec0
SHA256 e3b3c4913d579272e44a0b9c3d866745edcc47f458a4bf66994f2c328de71955
SHA512 8d5639d13b405a2aff960f957beba069434cbb95275055dffb894ac0e243ba4ec01c6759ef28e12a4caddab84973bb9a91f0f18b5c4fe3650beefbf412729525
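The following script is an added triage example, not part of the sandbox report or of any BlackMatter tooling. It turns the artefacts above into a host sweep: it matches files by the SHA256 values listed under Files, by the naming patterns the report shows (the hidden 48-hex-digit names and the ReadMe.txt written next to them under /var/log, the dotted UUID marker in /tmp, and daemon_<epoch>.log), and it decodes the Unix timestamp embedded in the log name. The 48-digit length and the UUID shape are generalised from the single instances in the report and are assumptions; the directory it sweeps is a constructed stand-in with placeholder contents, so the report's own hashes cannot fire against it and one extra hash is seeded from a constructed file to exercise the hash path.

```python
# Added IOC sweep for the artefacts in this report (example code, not sandbox output).
import hashlib
import os
import re
import tempfile
from datetime import datetime, timezone
from pathlib import Path

# SHA256 values copied from the report's Files section.
REPORT_SHA256 = frozenset({
    "30d7dbf153c6a3ead496dcd474ec2264244e5abfa52bfa44462092d0096e20a0",  # /tmp/.DBFD055C-...
    "fef2bb94ecd3da208d5a923dd2790dddbffc8eb3f25d6c1fa930bbc5bb0e03d5",  # /tmp/daemon_1704317677.log
    "b012ea545aa829708146300bb07fbe92614cc6ea0cfdecd8743eeb5692220d85",  # /var/log/ReadMe.txt
    "5a091703fed4af6f2a40da6d4b1a34e60ca2234dcc951ef7aef5fdde9ca95db7",  # /var/log/.1BF5CC...
    "e3b3c4913d579272e44a0b9c3d866745edcc47f458a4bf66994f2c328de71955",  # /var/log/installer/.2146BC...
})

# Name patterns generalised from the report. Assumption: the hidden names are always
# 48 upper-case hex digits (true of both instances) and the /tmp marker is a dotted UUID.
NAME_PATTERNS = {
    "hidden_hex48": re.compile(r"^\.[0-9A-F]{48}$"),
    "readme_txt": re.compile(r"^ReadMe\.txt$"),
    "tmp_uuid_marker": re.compile(
        r"^\.[0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12}$"),
    "daemon_log": re.compile(r"^daemon_(\d{9,10})\.log$"),
}


def sha256_of(path):
    """Stream a file through SHA256 so large encrypted outputs are not read whole."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def log_timestamp(name):
    """Decode the epoch seconds in daemon_<epoch>.log as UTC; None for other names."""
    m = NAME_PATTERNS["daemon_log"].match(name)
    if not m:
        return None
    return datetime.fromtimestamp(int(m.group(1)), tz=timezone.utc)


def classify_name(name):
    """Labels of every name pattern that matches a bare filename."""
    return [label for label, rx in NAME_PATTERNS.items() if rx.match(name)]


def sweep(root, sha256_iocs=REPORT_SHA256):
    """Walk root; return (path, reasons) for each file matching a hash or a name pattern."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            p = Path(dirpath) / fname
            reasons = classify_name(fname)
            try:
                if sha256_of(p) in sha256_iocs:
                    reasons.append("sha256_ioc")
            except OSError:
                pass  # unreadable file: a name match is still reported
            if reasons:
                hits.append((str(p), reasons))
    return hits


def build_demo_tree(base):
    """Constructed stand-in for the detonation VM: the report's paths, placeholder contents."""
    base = Path(base)
    demo = {
        "tmp/.DBFD055C-9CF2-4BB8-908E-6DA22321BF17": b"constructed marker",
        "tmp/daemon_1704317677.log": b"constructed log\n",
        "var/log/ReadMe.txt": b"constructed note\n",
        "var/log/.1BF5CC212DC7FB1A0EFC4B93CB0C38C0C67838D9DC2DF9EF": b"\x00" * 64,
        "var/log/installer/ReadMe.txt": b"constructed note\n",
        "var/log/installer/.2146BC677F078171EFD9E535210536618953D86C250F460A": b"\x00" * 64,
        "var/log/syslog": b"benign\n",  # control file: must not be flagged
    }
    for rel, data in demo.items():
        p = base / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(data)
    return base


def demo_sweep():
    """Sweep the constructed tree; returns {relative path: sorted reasons}."""
    with tempfile.TemporaryDirectory() as d:
        base = build_demo_tree(d)
        # Placeholder contents cannot reproduce the report's hashes, so seed one extra
        # hash from a constructed file to exercise the hash-match path offline.
        iocs = REPORT_SHA256 | {sha256_of(base / "var/log/ReadMe.txt")}
        return {Path(p).relative_to(base).as_posix(): sorted(r) for p, r in sweep(base, iocs)}


if __name__ == "__main__":
    for rel, reasons in sorted(demo_sweep().items()):
        print(rel, reasons)
    print(log_timestamp("daemon_1704317677.log").isoformat())
```

Run against a real host as `sweep("/")` with only the report's hashes; the name patterns are the weaker signal and will also surface the control-style false positives a real filesystem contains, so review those hits by hand. The epoch in daemon_1704317677.log decodes to 2024-01-03 21:34:37 UTC, one hour before the submission time the report displays, which is consistent with the report rendering times in a UTC+1 display zone (an inference, not something the report states).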