General
-
Target
ad260da314d2f8f3f1531cc5779cbba9
-
Size
64KB
-
Sample
240228-3msxdage55
-
MD5
ad260da314d2f8f3f1531cc5779cbba9
-
SHA1
30e15cf49a97e4560c96eed7e0c68ed9a8502023
-
SHA256
4ad9432cc817afa905bab2f16d4f713af42ea42f5e4fcf53e6d4b631a7d6da91
-
SHA512
3791b4058ee64bed388b10eeefd733ff45e10c4f374d5644cd4aa10eee6a3fac9bf31076be021acc5c46e8fe79f84048807aaf2c278a5e0e46d41eec00e5e723
-
SSDEEP
768:QDjahoICS4AIqa3x4aSOo+sYk+5qmOaA/yGzySTe7/cA2gdu0v:yzICS4ALqaaS1+Pq5aPGzysuENs
Malware Config
Extracted
blackmatter
1.2
bab21ee475b52c0c9eb47d23ec9ba1d1
https://paymenthacks.com
http://paymenthacks.com
https://mojobiden.com
http://mojobiden.com
-
attempt_auth
false
-
create_mutex
true
-
encrypt_network_shares
true
-
exfiltrate
true
-
mount_volumes
true
Extracted
C:\Users\iusZFBQZ6.README.txt
blackmatter
http://supp24yy6a66hwszu2piygicgwzdtbwftb76htfj7vnip3getgqnzxid.onion/GDBJS76DH3D4IKQD2QO7R
Targets
-
-
Target
ad260da314d2f8f3f1531cc5779cbba9
-
Size
64KB
-
MD5
ad260da314d2f8f3f1531cc5779cbba9
-
SHA1
30e15cf49a97e4560c96eed7e0c68ed9a8502023
-
SHA256
4ad9432cc817afa905bab2f16d4f713af42ea42f5e4fcf53e6d4b631a7d6da91
-
SHA512
3791b4058ee64bed388b10eeefd733ff45e10c4f374d5644cd4aa10eee6a3fac9bf31076be021acc5c46e8fe79f84048807aaf2c278a5e0e46d41eec00e5e723
-
SSDEEP
768:QDjahoICS4AIqa3x4aSOo+sYk+5qmOaA/yGzySTe7/cA2gdu0v:yzICS4ALqaaS1+Pq5aPGzysuENs
Score10/10-
BlackMatter Ransomware
BlackMatter ransomware group claims to be Darkside and REvil succesor.
-
Renames multiple (166) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Blocklisted process makes network request
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-