BlackMatter.B Ransomware

By CagedTech in Ransomware

Threat Scorecard

Popularity Rank:	14,506
Threat Level:	100 % (High)
Infected Computers:	81

First Seen:	July 6, 2022
Last Seen:	February 7, 2026
OS(es) Affected:	Windows

Table of Contents

Analysis Report

General information

Family Name:	BlackMatter.B Ransomware
Signature status:	No Signature

Known Samples

MD5: 573f7bbc881c3f1e494eedbf43d2d4de

SHA1: 26b15f4fb0bc355ff1cc075b16db40bd0455eadc

SHA256: A79AA14EA3ADB049C4B2A5B0BC1D4A5C4E19D69F8BDFB4063BA1E06D0513EF95

File Size: 147.97 KB, 147968 bytes

MD5: 2dc9eec37742a67a53e0b53b9213a9c2

SHA1: ac893ac6c0e2f364a5aa9ce7a81e31cfb84ad45f

SHA256: 24507D071C3BC85135A99C111B6F1D4B4A62F991E86BE8156CBDB1588EE3FA3D

File Size: 144.38 KB, 144384 bytes

MD5: 9c7599a2ae86bf3eadf6281e7ec60259

SHA1: 272b42aa7507cb45322306960bd0cedfc037c88b

SHA256: 2664C1AC1713608E5A283EEDF49D304D40DCD67A0B0B1BA7F7CD22C49C6D9FF0

File Size: 153.09 KB, 153088 bytes

MD5: df6449dd803d33a16b7f2a2f831f3b67

SHA1: 6e6a49bea6c390dff997bf0c24a39e3130bc3a22

SHA256: A92C3B06756C07B85D2211B4C323D5A53C62203F5A9E5096CC5A49D9C9B583FE

File Size: 150.02 KB, 150016 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have exports table
File doesn't have relocations information
File doesn't have resources
File doesn't have security information
File is 32-bit executable
File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
File is Native application (NOT .NET application)
File is not packed

IMAGE_FILE_DLL is not set inside PE header (Executable)
IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Traits

2+ executable sections
HighEntropy
No Version Info
x86

Block Information

Total Blocks:	365
Potentially Malicious Blocks:	312
Whitelisted Blocks:	53
Unknown Blocks:	0

Visual Map

x 0 0 0 x x x x x x x x x x x x x 0 x 0 0 0 0 0 0 0 0 0 0 x x x x x x x x x x 0 x x x x x x x x x x x x x x x x x x x x x x 0 x x x x x x x x x x x x x x x 0 x x x x x x x x x 0 0 x 0 x x x x x x x x 0 x x x x x x x x 0 x x 0 x 0 x x x x x 0 x 1 x x x 1 x 1 x 0 x 0 x x x x x x x x 0 x 0 x x x x x x x 0 x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x 0 x x x x x x x x x x x x 0 0 x 0 x x x x x x x x x x x x x x x x 0 x x x x x x x x 0 x 0 x x x x x 0 x x x x x x x x 0 x x x x x 0 x x x x x x 0 x x x x x x x x x x x x x x 0 x x x x x x x 0 x 0 x x x x x x x x x x x x x x x x x x x x 0 x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x 0 x x x x x x x x 0 0 x x x x 0 0 x x x

0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

BlackMatter.A
BlackMatter.B
BlackMatter.D
BlackMatter.F

Files Modified

File	Attributes
	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
	Generic Write,Read Attributes,Delete,LEFT 262144
	Generic Write,Read Data,Read Attributes,Delete,LEFT 262144
\\	Generic Write,Read Attributes
\\	Synchronize,Write Attributes
c:\$recycle.bin\s-1-5-18\aaaaaaaaaaa	Synchronize,Write Data
c:\$recycle.bin\s-1-5-18\bbbbbbbbbbb	Synchronize,Write Data
c:\$recycle.bin\s-1-5-18\ccccccccccc	Synchronize,Write Data
c:\$recycle.bin\s-1-5-18\ddddddddddd	Synchronize,Write Data
c:\$recycle.bin\s-1-5-18\desktop.ini	Generic Write,Read Attributes

c:\$recycle.bin\s-1-5-18\eeeeeeeeeee	Synchronize,Write Data
c:\$recycle.bin\s-1-5-18\fffffffffff	Synchronize,Write Data
c:\$recycle.bin\s-1-5-18\ggggggggggg	Synchronize,Write Data
c:\$recycle.bin\s-1-5-18\hhhhhhhhhhh	Synchronize,Write Data
c:\$recycle.bin\s-1-5-18\iiiiiiiiiii	Synchronize,Write Data
c:\$recycle.bin\s-1-5-18\jjjjjjjjjjj	Synchronize,Write Data
c:\$recycle.bin\s-1-5-18\kkkkkkkkkkk	Synchronize,Write Data
c:\$recycle.bin\s-1-5-18\lllllllllll	Synchronize,Write Data
c:\$recycle.bin\s-1-5-18\mmmmmmmmmmm	Synchronize,Write Data
c:\$recycle.bin\s-1-5-18\nnnnnnnnnnn	Synchronize,Write Data
c:\$recycle.bin\s-1-5-18\ooooooooooo	Synchronize,Write Data
c:\$recycle.bin\s-1-5-18\ppppppppppp	Synchronize,Write Data
c:\$recycle.bin\s-1-5-18\qqqqqqqqqqq	Synchronize,Write Data
c:\$recycle.bin\s-1-5-18\rrrrrrrrrrr	Synchronize,Write Data
c:\$recycle.bin\s-1-5-18\sssssssssss	Synchronize,Write Data
c:\$recycle.bin\s-1-5-18\ttttttttttt	Synchronize,Write Data
c:\$recycle.bin\s-1-5-18\uuuuuuuuuuu	Synchronize,Write Data
c:\$recycle.bin\s-1-5-18\vvvvvvvvvvv	Synchronize,Write Data
c:\$recycle.bin\s-1-5-18\wwwwwwwwwww	Synchronize,Write Data
c:\$recycle.bin\s-1-5-18\xxxxxxxxxxx	Synchronize,Write Data
c:\$recycle.bin\s-1-5-18\yyyyyyyyyyy	Synchronize,Write Data
c:\$recycle.bin\s-1-5-18\zzzzzzzzzzz	Synchronize,Write Data
c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\$iflz083	Generic Write,Read Attributes
c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\aaaaaaaa	Synchronize,Write Data
c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\bbbbbbbb	Synchronize,Write Data
c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\cccccccc	Synchronize,Write Data
c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\dddddddd	Synchronize,Write Data
c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\desktop.ini	Generic Write,Read Attributes
c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\eeeeeeee	Synchronize,Write Data
c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\ffffffff	Synchronize,Write Data
c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\gggggggg	Synchronize,Write Data
c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\hhhhhhhh	Synchronize,Write Data
c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\iiiiiiii	Synchronize,Write Data
c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\jjjjjjjj	Synchronize,Write Data
c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\kkkkkkkk	Synchronize,Write Data
c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\llllllll	Synchronize,Write Data
c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\mmmmmmmm	Synchronize,Write Data
c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\nnnnnnnn	Synchronize,Write Data
c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\oooooooo	Synchronize,Write Data
c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\pppppppp	Synchronize,Write Data
c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\qqqqqqqq	Synchronize,Write Data
c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\rrrrrrrr	Synchronize,Write Data
c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\ssssssss	Synchronize,Write Data
c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\tttttttt	Synchronize,Write Data
c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\uuuuuuuu	Synchronize,Write Data
c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\vvvvvvvv	Synchronize,Write Data
c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\wwwwwwww	Synchronize,Write Data
c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\xxxxxxxx	Synchronize,Write Data
c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\yyyyyyyy	Synchronize,Write Data
c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\zzzzzzzz	Synchronize,Write Data
c:\$winreagent\hsmdsl6oj.readme.txt	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\hsmdsl6oj.readme.txt	Generic Write,Read Attributes
c:\inetpub\hsmdsl6oj.readme.txt	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\programdata\hsmdsl6oj.ico	Generic Write,Read Attributes
c:\sandbox_local\hsmdsl6oj.readme.txt	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\sandbox_stage\hsmdsl6oj.readme.txt	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\startup_test\hsmdsl6oj.readme.txt	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\hsmdsl6oj.readme.txt	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\downloads\6e6a49bea6c390dff997bf0c24a39e3130bc3a22_0000150016	Generic Write,Read Attributes
c:\users\user\downloads\6e6a49bea6c390dff997bf0c24a39e3130bc3a22_0000150016	Synchronize,Write Attributes
c:\users\user\downloads\6e6a49bea6c390dff997bf0c24a39e3130bc3a22_0000150016.hsmdsl6oj	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\6e6a49bea6c390dff997bf0c24a39e3130bc3a22_0000150016.hsmdsl6oj	Synchronize,Write Data
c:\users\user\downloads\hsmdsl6oj.readme.txt	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\hsmdsl6oj.readme.txt	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144

Registry Modifications

Key::Value	Data	API Name
HKLM\software\classes\.hsmdsl6oj::	HSmDsl6oj	RegNtPreCreateKey
HKLM\software\classes\hsmdsl6oj\defaulticon::	C:\ProgramData\HSmDsl6oj.ico	RegNtPreCreateKey

EnigmaSoft’s Payment Processor Digital River GmbH Filing for Bankruptcy Does Not Impact SpyHunter Customers’ Anti-Malware Protection

Search

Change Region

BlackMatter.B Ransomware

Threat Scorecard

EnigmaSoft Threat Scorecard

Analysis Report

General information

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

File Traits

Block Information

Block Information

Visual Map

Similar Families

Similar Families

Files Modified

Files Modified

Registry Modifications

Registry Modifications

Submit Comment

Trending

Traffic-media.co

Trojan.Agent.OPA

Streaming Lab Tab

Most Viewed

How To Fix 'Printer Driver is Unavailable' Error

Discord Shows Black Screen when Sharing Screen

How to Fix 'macOS cannot verify that this app is...