General
-
Target
c22a6401a415fe642f3d96f38a887dd8ad23dd83a9255ee89d9adf4650ab98da.7z
-
Size
320KB
-
Sample
241111-yh4qvstngz
-
MD5
0ae1786f245b0f9f3c56b840f9e66ca4
-
SHA1
5f169c9e72799cef0f6b2d6b16b05822a76b829b
-
SHA256
eb5965f0e5dfe75357019ecc6e18b231b44d32c6d2f5fbf92c15020090e9120d
-
SHA512
dde9821026628656442202190ce56dd9497aaa364339fc32e4368c7d2dccc474543f37ef8f62afbbf3288b53e89e8afc27839b12dc4aafdcc77ef01ef879288a
-
SSDEEP
6144:MaQ0EImY93tS6MK3RqnllYePv3Buo91IOmrI6Uu4gDD6nZ+clLQHYejbU7eXA7Ez:fES938U3RqbYavPHmkmDPyLQHVXBz
Static task
static1
Behavioral task
behavioral1
Sample
c22a6401a415fe642f3d96f38a887dd8ad23dd83a9255ee89d9adf4650ab98da.7z
Resource
win10v2004-20241007-en
Malware Config
Extracted
blackmatter
2.0
a89e0e2e31db3e31a1e7a9630375f437
https://fluentzip.org
http://fluentzip.org
-
attempt_auth
false
-
create_mutex
true
-
encrypt_network_shares
true
-
exfiltrate
true
-
mount_volumes
true
Extracted
F:\ogFRBgZRA.README.txt
blackmatter
http://supp24yy6a66hwszu2piygicgwzdtbwftb76htfj7vnip3getgqnzxid.onion/O1E1HJ9H8JNKNNHC8
Targets
-
-
Target
c22a6401a415fe642f3d96f38a887dd8ad23dd83a9255ee89d9adf4650ab98da.7z
-
Size
320KB
-
MD5
0ae1786f245b0f9f3c56b840f9e66ca4
-
SHA1
5f169c9e72799cef0f6b2d6b16b05822a76b829b
-
SHA256
eb5965f0e5dfe75357019ecc6e18b231b44d32c6d2f5fbf92c15020090e9120d
-
SHA512
dde9821026628656442202190ce56dd9497aaa364339fc32e4368c7d2dccc474543f37ef8f62afbbf3288b53e89e8afc27839b12dc4aafdcc77ef01ef879288a
-
SSDEEP
6144:MaQ0EImY93tS6MK3RqnllYePv3Buo91IOmrI6Uu4gDD6nZ+clLQHYejbU7eXA7Ez:fES938U3RqbYavPHmkmDPyLQHVXBz
-
BlackMatter Ransomware
BlackMatter ransomware group claims to be Darkside and REvil succesor.
-
Blackmatter family
-
Renames multiple (155) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Sets desktop wallpaper using registry
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-