General
-
Target
5474b58de90ad79d6df4c633fb773053fecc16ad69fb5b86e7a2b640a2a056d6.zip
-
Size
605KB
-
Sample
240307-ybrsqach9x
-
MD5
b488270eb5a8a548ec287711e141d63b
-
SHA1
b685d9793eed3227f83f590fe8175bb3afc29cea
-
SHA256
9918e219d70d57d1459e28aeb020893e696990cd6c4367f76344308f0e7383cd
-
SHA512
29d0da7ee80114c0454a63eba5c328e30f476fe41d69489f2e8417a6a722a6d592f807c08b7f5673e17273eac8646fb749e9deebaccaac9f868458f90bf343e5
-
SSDEEP
12288:sy0fHMVJ+UDnZAcjzO1Ahk7Q26r0soiXYOSU3z5+kS0ImyWQ4hUHmXD6Ayk:sJHMVA0nW8Wuk7Q2cxoioOV5+p0Im5QY
Malware Config
Targets
-
-
Target
5474b58de90ad79d6df4c633fb773053fecc16ad69fb5b86e7a2b640a2a056d6.exe
-
Size
1.2MB
-
MD5
504890ff01be54dfa0ce0b92624614a2
-
SHA1
f8ce09a61e7b131c1d48e621b65a4789f7d5feed
-
SHA256
5474b58de90ad79d6df4c633fb773053fecc16ad69fb5b86e7a2b640a2a056d6
-
SHA512
45668897546f316af5565a63015cb91b2c9f275882bb39aa1c1b113b6a544f6bfdec1270e69ec932cbdc82432e1e86ff149eaf20747600cdd35086c286187fec
-
SSDEEP
24576:bxcxFP+OOobRioyJR5ezu413hJE5cxoBcYE41iZb0ZtA0fSWbasM:GfzBE6xs16gQ0fd9
Score10/10-
Matrix Ransomware
Targeted ransomware with information collection and encryption functionality.
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Modifies boot configuration data using bcdedit
-
Drops file in Drivers directory
-
Sets service image path in registry
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies file permissions
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Drops desktop.ini file(s)
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Sets desktop wallpaper using registry
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Defense Evasion
Indicator Removal
2File Deletion
2Modify Registry
3File and Directory Permissions Modification
1