6a7b7147fea63d77368c73cef205eb75d16ef209a246b05698358a28fd16e502

Analysis

max time kernel
9s
max time network
45s
platform
ubuntu-22.04_amd64
resource
ubuntu2204-amd64-20240522.1-en
resource tags

arch:amd64arch:i386image:ubuntu2204-amd64-20240522.1-enkernel:5.15.0-105-genericlocale:en-usos:ubuntu-22.04-amd64system
submitted
17-09-2024 17:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Blackmatter.elf
Size

2.0MB
MD5

3f9a28e8c057e7ea7ccf15a4db81f362
SHA1

10d6d3c957facf06098771bf409b9593eea58c75
SHA256

6a7b7147fea63d77368c73cef205eb75d16ef209a246b05698358a28fd16e502
SHA512

58a71aeac247d206f023ee29aff81026881e41d3fbd268f7513e3bcd951701a68502361dd717befa79a094eb9fc0caaa9f8770ba83f5c94a8acb9ae0986ee386
SSDEEP

49152:k5Wy/20shMXR8uUz9cBbLc/6LCM01iNFFB9wO:k5Wy//sO8uDq6

Score

10^/10

defense_evasion discovery ransomware

Malware Config

Extracted

Path

/var/log/ReadMe.txt

Ransom Note

~+ * + ' BLACK | () .-.,='``'=. - o - '=/_ \ | * | '=._ | \ `=./`, ' . '=.__.=' `=' * + Matter + O * ' . >>> What happens? Your linux hosts are encrypted, and currently not operational. We need only money, after payment we will give you a decryptor for the entire network and you will restore all the data. >>> What guarantees? We are not a politically motivated group and we do not need anything other than your money. If you pay, we will provide you the programs for decryption and we will delete your data. If we do not give you decrypters or we do not delete your data, no one will pay us in the future, this does not comply with our goals. We always keep our promises. >> How to contact with us? 1. Download and install TOR Browser (https://www.torproject.org/). 2. Open http://supp24yy6a66hwszu2piygicgwzdtbwftb76htfj7vnip3getgqnzxid.onion/GDBJS76DH3D4IKQD2QO7R. >> Warning! Recovery recommendations. Do not DELETE or MODIFY any files, it can lead to recovery problems!

URLs

http://supp24yy6a66hwszu2piygicgwzdtbwftb76htfj7vnip3getgqnzxid.onion/GDBJS76DH3D4IKQD2QO7R

Signatures

Deletes itself 1 IoCs

pid
1558

Deletes log files 1 TTPs 2 IoCs

Deletes log files on the system.

defense_evasion

Clear Linux or Mac System Logs

T1070.002

description	ioc	Process
File truncated	/var/log/.1BF5CC212DC7FB1A0EFC4B93CB0C38C0C67838D9DC2DF9EF	Blackmatter.elf
File truncated	/var/log/ReadMe.txt	Blackmatter.elf

Reads CPU attributes 1 TTPs 1 IoCs

discovery

System Information Discovery

T1082

description	ioc	Process
File opened for reading	/sys/devices/system/cpu/online	Blackmatter.elf

Writes file to tmp directory 2 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
File opened for modification	/tmp/.DBFD055C-9CF2-4BB8-908E-6DA22321BF17	Blackmatter.elf
File opened for modification	/tmp/main.log	Blackmatter.elf

/tmp/Blackmatter.elf
/tmp/Blackmatter.elf
1⤵
- Deletes log files
- Reads CPU attributes
- Writes file to tmp directory
PID:1557

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Indicator Removal

T1070

Clear Linux or Mac System Logs

T1070.002

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/tmp/.DBFD055C-9CF2-4BB8-908E-6DA22321BF17

Filesize
5B

MD5
453e58926c7a670009ef3037c574bf4f

SHA1
089db9df121f723b61996ea0f83ead7e3c5ba493

SHA256
72b6bda4f2579b6caad832e3457f82bdd4d300039ccc5d7fa730482eb335c753

SHA512
31b66ed53ab01f776fd60e7cb14e8edf3f0509c331b2be05689802d7864d8da36034b7045f2d810e4c317a3c8c9d59a616fadd8499178259b1ad7fd892cb1f77

Download Submit
/tmp/main.log

Filesize
6KB

MD5
1716a832476acbf34edccb7ea4119517

SHA1
204d791669569519e5a14f31aa424a2be5b04a21

SHA256
9d33037b78fe0f86f457b69638d4023df2f86465894031f502de72b5a241e2a0

SHA512
cc3b03522734c4a22ed5b7b44edbb71e52c0f9c2909e4ddd4baf31d3490810c787909b25b725fac0bf1f6945e689eba92675557403bfa92e6b798d174b47480a

Download Submit
/var/log/.1BF5CC212DC7FB1A0EFC4B93CB0C38C0C67838D9DC2DF9EF

Filesize
512B

MD5
0ffbff75b5ad12307e1cca224ee58d0e

SHA1
36dbab6ff8b84ccb3b9bbd7b609dec175d73d9b5

SHA256
a50895d8f4102deb59d14fa72862f705e88b2462686ee027ea9a63e8340a8653

SHA512
fa10abf4c5a89f00f1329878108b7c4e356c6ac1e2e0fba84a16872b8db34617f97edb12107f250981e40b54700a490914b124306b4771cf2092fb4842d0ee43

Download Submit
/var/log/ReadMe.txt

Filesize
1KB

MD5
a5d1d021df6f81a4137d7b58f2c94f33

SHA1
e5d2cd2451e8464bafb63cc6f6df74f7dc3ca4c1

SHA256
005191d057f679970d95c15e553229f82d66c5b1f08d5aecbd4ce4c9dc27856e

SHA512
d5f6f53cc7f18585214883a9de312c677e7adcc8956a01ae5583e859d730ea2be88f0ff8c297c9f1235b8695191758712845d1d6e801e5cef7979209868643c0

Download Submit