General
Target: 83b5eed2bc3b182170fd40ec8b8f5867_JaffaCakes118
Size: 80KB
Sample: 241031-2b8m1svaqp
MD5: 83b5eed2bc3b182170fd40ec8b8f5867
SHA1: b4072bc41d10a822f0ca63094dd30eae6fa008a2
SHA256: fe2b2beeff98cae90f58a5b2f01dab31eaa98d274757a7dd9f70f4dc8432a6e2
SHA512: 0c108e05c59831ee963122e2e77df1eb6ed8e0fd96f3b33fd1d1719447099144601cc3e28338bf6929933e80b885e3329f322f1831ed313e0859258484d48e16
SSDEEP: 1536:nnICS4A79p2qFTM2HT02F4mHI5mF7O3p6R9:0pOqFQ2HT025HI56
Behavioral task: behavioral1
Sample: 83b5eed2bc3b182170fd40ec8b8f5867_JaffaCakes118.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: 83b5eed2bc3b182170fd40ec8b8f5867_JaffaCakes118.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
Family: blackmatter
Version: 2.0
d0e84579a05c8e92e95eee8f5d0000e5
Username: [email protected]
Password: Mouseman02
https://fluentzip.org
http://fluentzip.org
attempt_auth: true
create_mutex: true
encrypt_network_shares: true
exfiltrate: true
mount_volumes: true
Extracted
Path: C:\gqBGwMBGo.README.txt
Family: blackmatter
URL: http://supp24yy6a66hwszu2piygicgwzdtbwftb76htfj7vnip3getgqnzxid.onion/5PRYG0PCO2OW528IDWU3VFPE
Targets
Target: 83b5eed2bc3b182170fd40ec8b8f5867_JaffaCakes118
Size: 80KB
MD5, SHA1, SHA256, SHA512 and SSDEEP: identical to the values listed under General above.
Score: 10/10
- BlackMatter Ransomware: the BlackMatter ransomware group claims to be the successor of DarkSide and REvil.
- Blackmatter family
- Renames multiple (146) files with added filename extension: this suggests ransomware activity, encrypting all the files on the system.
- Sets desktop wallpaper using registry
- Suspicious use of NtSetInformationThreadHideFromDebugger