Resubmissions
08-05-2024 09:27
240508-lex3padf6x 308-05-2024 07:40
240508-jhrnzacc76 1002-05-2024 08:07
240502-jz73aach8v 329-04-2024 07:01
240429-hs9f4ada65 329-04-2024 06:59
240429-hr6ntada47 329-04-2024 06:31
240429-hafq3acf45 325-04-2024 09:44
240425-lqz2eshe65 325-04-2024 09:43
240425-lp8l6she54 324-04-2024 10:48
240424-mwdaaaha2w 323-04-2024 11:21
240423-nf4b7sff99 10General
-
Target
b28242123ed2cf6000f0aa036844bd29
-
Size
87KB
-
Sample
240311-n7w27sbf5s
-
MD5
b28242123ed2cf6000f0aa036844bd29
-
SHA1
915f41a6c59ed743803ea0ddde08927ffd623586
-
SHA256
fd563cf7c0c862ab910cf558b5a123354b616e84902d277edf09f378ff6f9786
-
SHA512
08e5966ca90f08c18c582e6c67d71186a6f9c025fc9f78020e1ce202814de094171111b7f3623d81f7371acdf92206446f7c0425e08e8f5f5b6fd969007d9fca
-
SSDEEP
1536:0A1KsVHBnVJ0T1rFTQHUPx+nVP7ZSRILMZoXyqqEbzPCAdt6rFTc:0A1rVIrFTOUsnVP7sRILgAPCvrFTc
Static task
static1
Behavioral task
behavioral1
Sample
b28242123ed2cf6000f0aa036844bd29.dll
Resource
win11-20240221-en
Malware Config
Extracted
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\#README_EMAN#.rtf
EncodeMan@qq.com\par
EncodeMan@protonmail.com\par
EncodeMan@tutanota.com\cf1\fs24\par
https://bitmsg.me
https://bitmsg.me/users/sign_up
https://bitmsg.me/users/sign_in
Targets
-
-
Target
b28242123ed2cf6000f0aa036844bd29
-
Size
87KB
-
MD5
b28242123ed2cf6000f0aa036844bd29
-
SHA1
915f41a6c59ed743803ea0ddde08927ffd623586
-
SHA256
fd563cf7c0c862ab910cf558b5a123354b616e84902d277edf09f378ff6f9786
-
SHA512
08e5966ca90f08c18c582e6c67d71186a6f9c025fc9f78020e1ce202814de094171111b7f3623d81f7371acdf92206446f7c0425e08e8f5f5b6fd969007d9fca
-
SSDEEP
1536:0A1KsVHBnVJ0T1rFTQHUPx+nVP7ZSRILMZoXyqqEbzPCAdt6rFTc:0A1rVIrFTOUsnVP7sRILgAPCvrFTc
-
Matrix Ransomware
Targeted ransomware with information collection and encryption functionality.
-
Modifies boot configuration data using bcdedit
-
Downloads MZ/PE file
-
Drops file in Drivers directory
-
Sets service image path in registry
-
Executes dropped EXE
-
Modifies file permissions
-
Drops desktop.ini file(s)
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Legitimate hosting services abused for malware hosting/C2
-
Sets desktop wallpaper using registry
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Defense Evasion
Indicator Removal
2File Deletion
2Modify Registry
2File and Directory Permissions Modification
1