General
-
Target
d0512f2063cbd79fb0f770817cc81ab3
-
Size
67KB
-
Sample
240317-jmcqlshg5v
-
MD5
d0512f2063cbd79fb0f770817cc81ab3
-
SHA1
e324a2c8fae0d26b12f00ac859340f8d9945a9c1
-
SHA256
7f6dd0ca03f04b64024e86a72a6d7cfab6abccc2173b85896fc4b431990a5984
-
SHA512
a62cecdf8887e426332d56914dfe03780402a34896ffe7a3a932986832db7080e599db32bb2113238443750227a50de84ae36c6811993c43b7eee8b1a018d641
-
SSDEEP
1536:RzICS4AT6GxdEe+TOdincJXvKv8Zg3kl/:qR7auJXSkZg3C/
Malware Config
Extracted
blackmatter
1.2
512478c08dada2af19e49808fbda5b0b
- Username:
[email protected] - Password:
120Heisler
- Username:
[email protected] - Password:
Tesla2019
- Username:
[email protected] - Password:
iteam8**
https://paymenthacks.com
http://paymenthacks.com
https://mojobiden.com
http://mojobiden.com
-
attempt_auth
true
-
create_mutex
true
-
encrypt_network_shares
true
-
exfiltrate
true
-
mount_volumes
true
Extracted
C:\Sl7OiPzOX.README.txt
blackmatter
http://supp24yy6a66hwszu2piygicgwzdtbwftb76htfj7vnip3getgqnzxid.onion/7NT6LXKC1XQHW5039BLOV
Targets
-
-
Target
d0512f2063cbd79fb0f770817cc81ab3
-
Size
67KB
-
MD5
d0512f2063cbd79fb0f770817cc81ab3
-
SHA1
e324a2c8fae0d26b12f00ac859340f8d9945a9c1
-
SHA256
7f6dd0ca03f04b64024e86a72a6d7cfab6abccc2173b85896fc4b431990a5984
-
SHA512
a62cecdf8887e426332d56914dfe03780402a34896ffe7a3a932986832db7080e599db32bb2113238443750227a50de84ae36c6811993c43b7eee8b1a018d641
-
SSDEEP
1536:RzICS4AT6GxdEe+TOdincJXvKv8Zg3kl/:qR7auJXSkZg3C/
Score10/10-
BlackMatter Ransomware
BlackMatter ransomware group claims to be Darkside and REvil succesor.
-
Renames multiple (155) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Sets desktop wallpaper using registry
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-