blackmatter | e8e2deb0a83aebb1e2cc14846bc71715343372103f279d2d1622e383fb26d6ef | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

builder.exe

windows10-2004-x64

8

Sharing

General

Target

builder.exe
Size

470KB
Sample

250214-ym9gxaxret
MD5

8c689dc9e82c9356b990d2b67b4943e1
SHA1

6bdc415b9c356bbeaea75c7336cd72910b95a644
SHA256

e8e2deb0a83aebb1e2cc14846bc71715343372103f279d2d1622e383fb26d6ef
SHA512

fb38a79dbcebde149736d5e1ca37dc15d274838be304d3f86e992d610b50c31d7fe4c30f6697c890f3753443af16eab712aef3f8da88d76ed00790083deb51e4
SSDEEP

12288:7tDkI5O/1MHOvEIfRfaXNCTL98vy7anEvY86vM1kiY4XotXpEKAoiO5wBmrkAUfM:7tQcOdu4BcCTL98vy7anEvY86vM1kiYt

Score

10^/10

blackmatter lockbit adware defense_evasion discovery persistence privilege_escalation stealer

Static task

static1

lockbit blackmatter

4 signatures

Behavioral task

behavioral1

Sample

builder.exe

Resource

win10v2004-20250211-en

adware defense_evasion discovery persistence privilege_escalation stealer

windows10-2004-x64

26 signatures

150 seconds

Malware Config

Extracted

Family

blackmatter

Version

65.239

Targets

- Target
  
  builder.exe
- Size
  
  470KB
- MD5
  
  8c689dc9e82c9356b990d2b67b4943e1
- SHA1
  
  6bdc415b9c356bbeaea75c7336cd72910b95a644
- SHA256
  
  e8e2deb0a83aebb1e2cc14846bc71715343372103f279d2d1622e383fb26d6ef
- SHA512
  
  fb38a79dbcebde149736d5e1ca37dc15d274838be304d3f86e992d610b50c31d7fe4c30f6697c890f3753443af16eab712aef3f8da88d76ed00790083deb51e4
- SSDEEP
  
  12288:7tDkI5O/1MHOvEIfRfaXNCTL98vy7anEvY86vM1kiY4XotXpEKAoiO5wBmrkAUfM:7tQcOdu4BcCTL98vy7anEvY86vM1kiYt
Score

8^/10

adware defense_evasion discovery persistence privilege_escalation stealer
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Downloads MZ/PE file
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Executes dropped EXE
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Active Setup

Browser Extensions

Event Triggered Execution

Component Object Model Hijacking

Privilege Escalation

Boot or Logon Autostart Execution

Active Setup

Event Triggered Execution

Component Object Model Hijacking

Defense Evasion

Modify Registry

Subvert Trust Controls

SIP and Trust Provider Hijacking

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

lockbitblackmatter

behavioral1

adwaredefense_evasiondiscoverypersistenceprivilege_escalationstealer

© 2018-2025

Terms | Privacy