General
-
Target
b06e2455a9c7c9485b85e9bdcceb8078
-
Size
34KB
-
Sample
240303-zzd27sge9v
-
MD5
b06e2455a9c7c9485b85e9bdcceb8078
-
SHA1
a63304592f422656d7abcb086915f9e799ad4641
-
SHA256
072158f5588440e6c94cb419ae06a27cf584afe3b0cb09c28eff0b4662c15486
-
SHA512
adc0501cbb19b53ecafa4522d5369f08e013df3c06dc068f3b1b6b823bca9dfa49a93d0fe1df5fb9ae026305f720cb8923bdbb9c5b7b98fb846670dd3e51fcf9
-
SSDEEP
768:4mgeEbf2rriFVI1kggGVtSMC2F7QGIFFBMter7RI7d91NTYkd8aex:CE+VYVYMC2F7Aoter2j1lYg
Malware Config
Extracted
blackmatter
1.2
512478c08dada2af19e49808fbda5b0b
- Username:
[email protected] - Password:
120Heisler
- Username:
[email protected] - Password:
Tesla2019
- Username:
[email protected] - Password:
iteam8**
https://paymenthacks.com
http://paymenthacks.com
https://mojobiden.com
http://mojobiden.com
-
attempt_auth
true
-
create_mutex
true
-
encrypt_network_shares
true
-
exfiltrate
true
-
mount_volumes
true
Extracted
C:\Users\JBBoXFxoE.README.txt
blackmatter
http://supp24yy6a66hwszu2piygicgwzdtbwftb76htfj7vnip3getgqnzxid.onion/7NT6LXKC1XQHW5039BLOV
Extracted
blackmatter
1.2
Targets
-
-
Target
b06e2455a9c7c9485b85e9bdcceb8078
-
Size
34KB
-
MD5
b06e2455a9c7c9485b85e9bdcceb8078
-
SHA1
a63304592f422656d7abcb086915f9e799ad4641
-
SHA256
072158f5588440e6c94cb419ae06a27cf584afe3b0cb09c28eff0b4662c15486
-
SHA512
adc0501cbb19b53ecafa4522d5369f08e013df3c06dc068f3b1b6b823bca9dfa49a93d0fe1df5fb9ae026305f720cb8923bdbb9c5b7b98fb846670dd3e51fcf9
-
SSDEEP
768:4mgeEbf2rriFVI1kggGVtSMC2F7QGIFFBMter7RI7d91NTYkd8aex:CE+VYVYMC2F7Aoter2j1lYg
Score10/10-
BlackMatter Ransomware
BlackMatter ransomware group claims to be Darkside and REvil succesor.
-
Renames multiple (144) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Sets desktop wallpaper using registry
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-