BlackMatter.F Ransomware
Analysis Report
General information
| Family Name: | BlackMatter.F Ransomware |
|---|---|
| Signature status: | No Signature |
Known Samples
This section lists other file samples believed to be associated with this family.
| MD5 | SHA1 | SHA256 | File Size |
|---|---|---|---|
| ebffb58dc9d1090964b464980b870de4 | 9947000a2e595d5c109049bac957f0e28dc59752 | CB19ADD358DD94E571C1930122506889C8F881A63B6E44BE741A7C5F1AD4FBD2 | 148.99 KB, 148992 bytes |
| 9253e4df1220902b5e6cf4e74d53bece | 521a9bdf1f241e1d694d1408da09fbec21727ef5 | 71D3656DF9A09F0D2853911EF4E9336EAA835B76A2C6A0AE7011C1EC4FC23F1A | 289.44 KB, 289438 bytes |
| e5b40bd1c93e450c83f3b3a9a7ec0c75 | f0bae68f0bb6acae3585758d3e45b3295fb2fc45 | 370DD8262F482065BB227500272246BB46296EC687AFB630F812902725AD936F | 148.48 KB, 148480 bytes |
| 6252e89a35bb559ae4058f860c02b1e9 | b9e105f13d7129a497932d7ef45d5b9d33bdbd97 | 4ABE9ED4BED794045EB6735C202FD4A5C61B828ABD27A8E4D4F804138A062597 | 152.58 KB, 152576 bytes |
| 502b8c741533d7a923856015b47e8aad | 053f5f6dcae530e192e5d6e01273912cc0b5c9db | 0E8C671D5BFBDCBC15323B900A35B383B080EE7739507BB485721EC717C23E32 | 152.58 KB, 152576 bytes |
| 705dfc9e9804a2e78058eeb1e2b72ccf | 6a2b4b179df052f27383d4e9c534a62b380c7f96 | C0CD0AED552D45DDC352DBDEF2F8FF1A12D83C68750C783DBB8ABB6E84C39989 | 157.18 KB, 157184 bytes |
| 054b2865346c9955504642b93735d5ac | 22786699bf86b9b3fa2e358dc51c7eebdf286e3c | 3BEEE472CF37F78F5CA645C0113185B83D9A1DC89C0B4D18375F6A7361CE080D | 151.04 KB, 151040 bytes |
| 8ca8391ebbcfe4daba1fec375ca7def7 | 8bfd53b4875bb1d97f74a9a99e2539339052b11b | 929C1807A67AD1CE675F25EC7023BB1E6DAE581A82293C24C1C9870D00FCE439 | 151.04 KB, 151040 bytes |
| 44fa006e844c132ff3d1b51169ec814b | 60b6936ccbe68512cf79c026ca8a69afc1975de1 | EDA529212161B6E4BC16B5CBF499A019786C9E796C2F5A87E18DB32F3224D643 | 150.53 KB, 150528 bytes |
Windows Portable Executable Attributes
- File doesn't have "Rich" header
- File doesn't have debug information
- File doesn't have exports table
- File doesn't have relocations information
- File doesn't have resources
- File doesn't have security information
- File is 32-bit executable
- File is either console or GUI application
- File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
- File is Native application (NOT .NET application)
- File is not packed
- IMAGE_FILE_DLL is not set inside PE header (Executable)
- IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
File Icons
This section displays icon resources found within family samples. Malware often replicates icons commonly associated with legitimate software to mislead users into believing the malware is safe. No icon resources were recorded for this family; this is consistent with the PE attributes above, which show the samples carry no resource section.
Windows PE Version Information
This section displays values and attributes that have been set in the Windows file version information data structure for samples within this family. To mislead users, malware actors often add fake version information mimicking legitimate software.
| Name | Value |
|---|---|
| File Version | 1.00 |
| Internal Name | TJprojMain |
| Original Filename | TJprojMain.exe |
| Product Name | Project1 |
| Product Version | 1.00 |
File Traits
- 2+ executable sections
- HighEntropy
- No Version Info
- x86
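Every attribute in the two lists above is readable directly from the PE headers. The following is an added example, not EnigmaSoft's analysis code: a standard-library Python triage that derives each listed attribute (32-bit, GUI subsystem, DLL flag, empty export/resource/security/relocation/debug directories, Rich header, count of executable sections, entropy) from a raw image, together with the MD5/SHA1/SHA256 and byte size that the Known Samples table keys on. The image it inspects is constructed inline by build_minimal_pe() to match the report's profile; it is not one of the listed samples, and its entropy comes out low because the constructed bytes are mostly zero, unlike the HighEntropy trait recorded above.

```python
import hashlib
import math
import struct

# PE constants (winnt.h values)
IMAGE_FILE_RELOCS_STRIPPED = 0x0001
IMAGE_FILE_EXECUTABLE_IMAGE = 0x0002
IMAGE_FILE_32BIT_MACHINE = 0x0100
IMAGE_FILE_DLL = 0x2000
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SUBSYSTEM_WINDOWS_GUI = 2
IMAGE_FILE_MACHINE_I386 = 0x14C
# IMAGE_DIRECTORY_ENTRY_* indices into the optional header's DataDirectory
DIR_EXPORT, DIR_RESOURCE, DIR_SECURITY, DIR_BASERELOC, DIR_DEBUG = 0, 2, 4, 5, 6


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant buffer, 8.0 for uniformly random bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def sample_identity(data: bytes) -> dict:
    """MD5/SHA1/SHA256 and byte size, the fields the Known Samples table matches on."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest().upper(),
        "size": len(data),
    }


def pe_triage(data: bytes) -> dict:
    """Derive the report's header attributes from a raw PE32/PE32+ image."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    machine, nsec, _, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    is_pe32 = struct.unpack_from("<H", data, opt)[0] == 0x10B
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    # PE32+ widens ImageBase and the stack/heap fields, shifting the directories by 16 bytes
    ndirs_off, dirs_off = (opt + 92, opt + 96) if is_pe32 else (opt + 108, opt + 112)
    ndirs = struct.unpack_from("<I", data, ndirs_off)[0]
    dirs = [struct.unpack_from("<II", data, dirs_off + 8 * i) for i in range(min(ndirs, 16))]

    def present(idx: int) -> bool:
        return idx < len(dirs) and dirs[idx][1] != 0  # (VirtualAddress, Size): non-zero Size

    sec_table = opt + opt_size  # section headers are 40 bytes each; Characteristics at +36
    exec_sections = sum(
        1 for i in range(nsec)
        if struct.unpack_from("<I", data, sec_table + 40 * i + 36)[0] & IMAGE_SCN_MEM_EXECUTE
    )
    return {
        "is_32bit": is_pe32 and machine == IMAGE_FILE_MACHINE_I386,
        "is_gui": subsystem == IMAGE_SUBSYSTEM_WINDOWS_GUI,
        "is_dll": bool(chars & IMAGE_FILE_DLL),
        "executable_image": bool(chars & IMAGE_FILE_EXECUTABLE_IMAGE),
        "has_exports": present(DIR_EXPORT),
        "has_resources": present(DIR_RESOURCE),
        "has_security": present(DIR_SECURITY),
        "has_relocations": present(DIR_BASERELOC) and not (chars & IMAGE_FILE_RELOCS_STRIPPED),
        "has_debug": present(DIR_DEBUG),
        # A Rich header, when present, sits in the DOS stub between 0x40 and e_lfanew.
        "has_rich_header": b"Rich" in data[0x40:e_lfanew],
        "executable_sections": exec_sections,
        "entropy": round(shannon_entropy(data), 2),
    }


def build_minimal_pe(exec_sections: int = 2, with_rich: bool = False) -> bytes:
    """Constructed PE32 GUI image matching the report's attribute profile; not a real sample."""
    stub = b"DanS" + b"\0" * 12 + b"Rich" + b"\0" * 4 if with_rich else b""
    e_lfanew = 0x40 + len(stub)
    dos = bytearray(0x40)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    chars = IMAGE_FILE_EXECUTABLE_IMAGE | IMAGE_FILE_32BIT_MACHINE | IMAGE_FILE_RELOCS_STRIPPED
    coff = struct.pack("<HHIIIHH", IMAGE_FILE_MACHINE_I386, exec_sections, 0, 0, 0, 224, chars)
    opt = bytearray(224)  # PE32 optional header with all 16 data directories zeroed
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<H", opt, 68, IMAGE_SUBSYSTEM_WINDOWS_GUI)
    struct.pack_into("<I", opt, 92, 16)
    sections = b"".join(
        struct.pack("<8sIIIIIIHHI", b".text%d" % i, 0x1000, 0x1000 * (i + 1),
                    0x200, 0, 0, 0, 0, 0, 0x60000020)  # CODE | MEM_EXECUTE | MEM_READ
        for i in range(exec_sections)
    )
    return bytes(dos) + stub + b"PE\0\0" + coff + bytes(opt) + sections


if __name__ == "__main__":
    image = build_minimal_pe()
    print(sample_identity(image), pe_triage(image), sep="\n")
```

Against a real file, call pe_triage(open(path, "rb").read()). The executable-section count reads IMAGE_SCN_MEM_EXECUTE from the section table only, so a packed image that unpacks into a writable section at run time can report fewer executable sections than it actually uses.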
Block Information
During analysis, EnigmaSoft breaks file samples into logical blocks for classification and comparison with other samples. Blocks can be used to generate malware detection rules and to group file samples into families based on shared source code, functionality and other distinguishing attributes and characteristics. This section lists a summary of this block data, as well as its classification by EnigmaSoft. A visual representation of the block data is also displayed, where available.
| Total Blocks: | 368 |
|---|---|
| Potentially Malicious Blocks: | 315 |
| Whitelisted Blocks: | 53 |
| Unknown Blocks: | 0 |
Visual Map
[Block map image not reproduced: the page draws the 368 blocks as a grid with one cell per block, marked according to the legend below.]
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block
Similar Families
This section lists other families that share similarities with this family, based on EnigmaSoft's analysis. Many malware families are created from the same malware toolkits and use the same packing and encryption techniques but uniquely extend functionality. Similar families may also share source code, attributes, icons, subcomponents, compromised and/or invalid digital signatures, and network characteristics. Researchers leverage these similarities to rapidly and effectively triage file samples and extend malware detection rules.
- BlackMatter.A
- BlackMatter.B
- BlackMatter.D
- BlackMatter.F
- BlackMatter.M
Files Modified
This section lists files that were created, modified, moved and/or deleted by samples in this family. File system activity can provide valuable insight into how malware functions on the operating system. The Attributes column records the access rights requested when each file was opened; the "LEFT 262144" token appears to be the part of the requested mask the report leaves unnamed, and 262144 (0x40000) is WRITE_DAC, the right to rewrite the file's DACL. Rows with an empty File column carry no recorded path.
| File | Attributes |
|---|---|
| | Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144 |
| | Generic Write,Read Attributes |
| | Generic Write,Read Attributes,Delete,LEFT 262144 |
| | Generic Write,Read Data,Read Attributes,Delete,LEFT 262144 |
| | Synchronize,Write Attributes |
| \\ | Generic Write,Read Attributes |
| \\ | Synchronize,Write Attributes |
| c:\$recycle.bin\s-1-5-18\aaaaaaaaaaa | Synchronize,Write Data |
| c:\$recycle.bin\s-1-5-18\bbbbbbbbbbb | Synchronize,Write Data |
| c:\$recycle.bin\s-1-5-18\ccccccccccc | Synchronize,Write Data |
| c:\$recycle.bin\s-1-5-18\ddddddddddd | Synchronize,Write Data |
| c:\$recycle.bin\s-1-5-18\desktop.ini | Generic Write,Read Attributes |
| c:\$recycle.bin\s-1-5-18\eeeeeeeeeee | Synchronize,Write Data |
| c:\$recycle.bin\s-1-5-18\fffffffffff | Synchronize,Write Data |
| c:\$recycle.bin\s-1-5-18\ggggggggggg | Synchronize,Write Data |
| c:\$recycle.bin\s-1-5-18\hhhhhhhhhhh | Synchronize,Write Data |
| c:\$recycle.bin\s-1-5-18\iiiiiiiiiii | Synchronize,Write Data |
| c:\$recycle.bin\s-1-5-18\jjjjjjjjjjj | Synchronize,Write Data |
| c:\$recycle.bin\s-1-5-18\kkkkkkkkkkk | Synchronize,Write Data |
| c:\$recycle.bin\s-1-5-18\lllllllllll | Synchronize,Write Data |
| c:\$recycle.bin\s-1-5-18\mmmmmmmmmmm | Synchronize,Write Data |
| c:\$recycle.bin\s-1-5-18\nnnnnnnnnnn | Synchronize,Write Data |
| c:\$recycle.bin\s-1-5-18\ooooooooooo | Synchronize,Write Data |
| c:\$recycle.bin\s-1-5-18\ppppppppppp | Synchronize,Write Data |
| c:\$recycle.bin\s-1-5-18\qqqqqqqqqqq | Synchronize,Write Data |
| c:\$recycle.bin\s-1-5-18\rrrrrrrrrrr | Synchronize,Write Data |
| c:\$recycle.bin\s-1-5-18\sssssssssss | Synchronize,Write Data |
| c:\$recycle.bin\s-1-5-18\ttttttttttt | Synchronize,Write Data |
| c:\$recycle.bin\s-1-5-18\uuuuuuuuuuu | Synchronize,Write Data |
| c:\$recycle.bin\s-1-5-18\vvvvvvvvvvv | Synchronize,Write Data |
| c:\$recycle.bin\s-1-5-18\wwwwwwwwwww | Synchronize,Write Data |
| c:\$recycle.bin\s-1-5-18\xxxxxxxxxxx | Synchronize,Write Data |
| c:\$recycle.bin\s-1-5-18\yyyyyyyyyyy | Synchronize,Write Data |
| c:\$recycle.bin\s-1-5-18\zzzzzzzzzzz | Synchronize,Write Data |
| c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\$i04oq7f.log | Generic Write,Read Attributes |
| c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\$i05wfli.log | Generic Write,Read Attributes |
| c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\$iflz083 | Generic Write,Read Attributes |
| c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\aaaaaaaa | Synchronize,Write Data |
| c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\aaaaaaaaaaa | Synchronize,Write Data |
| c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\aaaaaaaaaaaa | Synchronize,Write Data |
| c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\bbbbbbbb | Synchronize,Write Data |
| c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\bbbbbbbbbbb | Synchronize,Write Data |
| c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\bbbbbbbbbbbb | Synchronize,Write Data |
| c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\cccccccc | Synchronize,Write Data |
| c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\ccccccccccc | Synchronize,Write Data |
| c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\cccccccccccc | Synchronize,Write Data |
| c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\dddddddd | Synchronize,Write Data |
| c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\ddddddddddd | Synchronize,Write Data |
| c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\dddddddddddd | Synchronize,Write Data |
| c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\desktop.ini | Generic Write,Read Attributes |
| c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\eeeeeeee | Synchronize,Write Data |
| c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\eeeeeeeeeee | Synchronize,Write Data |
| c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\eeeeeeeeeeee | Synchronize,Write Data |
| c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\ffffffff | Synchronize,Write Data |
| c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\fffffffffff | Synchronize,Write Data |
| c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\ffffffffffff | Synchronize,Write Data |
| c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\gggggggg | Synchronize,Write Data |
| c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\ggggggggggg | Synchronize,Write Data |
| c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\gggggggggggg | Synchronize,Write Data |
| c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\hhhhhhhh | Synchronize,Write Data |
| c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\hhhhhhhhhhh | Synchronize,Write Data |
| c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\hhhhhhhhhhhh | Synchronize,Write Data |
| c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\iiiiiiii | Synchronize,Write Data |
| c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\iiiiiiiiiii | Synchronize,Write Data |
| c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\iiiiiiiiiiii | Synchronize,Write Data |
| c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\jjjjjjjj | Synchronize,Write Data |
| c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\jjjjjjjjjjj | Synchronize,Write Data |
| c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\jjjjjjjjjjjj | Synchronize,Write Data |
| c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\kkkkkkkk | Synchronize,Write Data |
| c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\kkkkkkkkkkk | Synchronize,Write Data |
| c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\kkkkkkkkkkkk | Synchronize,Write Data |
| c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\llllllll | Synchronize,Write Data |
| c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\lllllllllll | Synchronize,Write Data |
| c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\llllllllllll | Synchronize,Write Data |
| c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\mmmmmmmm | Synchronize,Write Data |
| c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\mmmmmmmmmmm | Synchronize,Write Data |
| c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\mmmmmmmmmmmm | Synchronize,Write Data |
| c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\nnnnnnnn | Synchronize,Write Data |
| c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\nnnnnnnnnnn | Synchronize,Write Data |
| c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\nnnnnnnnnnnn | Synchronize,Write Data |
| c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\oooooooo | Synchronize,Write Data |
| c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\ooooooooooo | Synchronize,Write Data |
| c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\oooooooooooo | Synchronize,Write Data |
| c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\pppppppp | Synchronize,Write Data |
| c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\ppppppppppp | Synchronize,Write Data |
| c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\pppppppppppp | Synchronize,Write Data |
| c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\qqqqqqqq | Synchronize,Write Data |
| c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\qqqqqqqqqqq | Synchronize,Write Data |
| c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\qqqqqqqqqqqq | Synchronize,Write Data |
| c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\rrrrrrrr | Synchronize,Write Data |
| c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\rrrrrrrrrrr | Synchronize,Write Data |
| c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\rrrrrrrrrrrr | Synchronize,Write Data |
| c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\ssssssss | Synchronize,Write Data |
| c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\sssssssssss | Synchronize,Write Data |
| c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\ssssssssssss | Synchronize,Write Data |
| c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\tttttttt | Synchronize,Write Data |
| c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\ttttttttttt | Synchronize,Write Data |
| c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\tttttttttttt | Synchronize,Write Data |
| c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\uuuuuuuu | Synchronize,Write Data |
| c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\uuuuuuuuuuu | Synchronize,Write Data |
| c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\uuuuuuuuuuuu | Synchronize,Write Data |
| c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\vvvvvvvv | Synchronize,Write Data |
| c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\vvvvvvvvvvv | Synchronize,Write Data |
| c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\vvvvvvvvvvvv | Synchronize,Write Data |
| c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\wwwwwwww | Synchronize,Write Data |
| c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\wwwwwwwwwww | Synchronize,Write Data |
| c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\wwwwwwwwwwww | Synchronize,Write Data |
| c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\xxxxxxxx | Synchronize,Write Data |
| c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\xxxxxxxxxxx | Synchronize,Write Data |
| c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\xxxxxxxxxxxx | Synchronize,Write Data |
| c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\yyyyyyyy | Synchronize,Write Data |
| c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\yyyyyyyyyyy | Synchronize,Write Data |
| c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\yyyyyyyyyyyy | Synchronize,Write Data |
| c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\zzzzzzzz | Synchronize,Write Data |
| c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\zzzzzzzzzzz | Synchronize,Write Data |
| c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\zzzzzzzzzzzz | Synchronize,Write Data |
| c:\$winreagent\ihunyhish.readme.txt | Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144 |
| c:\$winreagent\kjhvigujl.readme.txt | Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144 |
| c:\$winreagent\qiukhx6rz.readme.txt | Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144 |
| c:\$winreagent\qnniwukt9.readme.txt | Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144 |
| c:\$winreagent\tomgkbbt6.readme.txt | Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144 |
| c:\$winreagent\wfoahhbsk.readme.txt | Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144 |
| c:\$winreagent\xxmv9cx9y.readme.txt | Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144 |
| c:\ihunyhish.readme.txt | Generic Write,Read Attributes |
| c:\inetpub\ihunyhish.readme.txt | Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144 |
| c:\inetpub\qiukhx6rz.readme.txt | Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144 |
| c:\inetpub\wfoahhbsk.readme.txt | Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144 |
| c:\kjhvigujl.readme.txt | Generic Write,Read Attributes |
| c:\programdata\kficlsimm.ico | Generic Write,Read Attributes |
| c:\programdata\kjhvigujl.ico | Generic Write,Read Attributes |
| c:\programdata\qiukhx6rz.ico | Generic Write,Read Attributes |
| c:\programdata\qnniwukt9.ico | Generic Write,Read Attributes |
| c:\programdata\tomgkbbt6.ico | Generic Write,Read Attributes |
| c:\programdata\xxmv9cx9y.ico | Generic Write,Read Attributes |
| c:\qiukhx6rz.readme.txt | Generic Write,Read Attributes |
| c:\qnniwukt9.readme.txt | Generic Write,Read Attributes |
| c:\sandbox_local\ihunyhish.readme.txt | Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144 |
| c:\sandbox_local\kjhvigujl.readme.txt | Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144 |
| c:\sandbox_local\qiukhx6rz.readme.txt | Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144 |
| c:\sandbox_local\qnniwukt9.readme.txt | Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144 |
| c:\sandbox_local\tomgkbbt6.readme.txt | Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144 |
| c:\sandbox_local\wfoahhbsk.readme.txt | Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144 |
| c:\sandbox_local\xxmv9cx9y.readme.txt | Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144 |
| c:\sandbox_stage\ihunyhish.readme.txt | Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144 |
| c:\sandbox_stage\kjhvigujl.readme.txt | Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144 |
| c:\sandbox_stage\qiukhx6rz.readme.txt | Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144 |
| c:\sandbox_stage\qnniwukt9.readme.txt | Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144 |
| c:\sandbox_stage\tomgkbbt6.readme.txt | Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144 |
| c:\sandbox_stage\wfoahhbsk.readme.txt | Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144 |
| c:\sandbox_stage\xxmv9cx9y.readme.txt | Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144 |
| c:\startup_test\ihunyhish.readme.txt | Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144 |
| c:\startup_test\kjhvigujl.readme.txt | Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144 |
| c:\startup_test\qiukhx6rz.readme.txt | Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144 |
| c:\startup_test\qnniwukt9.readme.txt | Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144 |
| c:\startup_test\tomgkbbt6.readme.txt | Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144 |
| c:\startup_test\wfoahhbsk.readme.txt | Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144 |
| c:\startup_test\xxmv9cx9y.readme.txt | Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144 |
| c:\tomgkbbt6.readme.txt | Generic Write,Read Attributes |
| c:\users\ihunyhish.readme.txt | Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144 |
| c:\users\kjhvigujl.readme.txt | Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144 |
| c:\users\qiukhx6rz.readme.txt | Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144 |
| c:\users\qnniwukt9.readme.txt | Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144 |
| c:\users\tomgkbbt6.readme.txt | Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144 |
| c:\users\user\downloads\053f5f6dcae530e192e5d6e01273912cc0b5c9db_0000152576 | Generic Write,Read Attributes |
| c:\users\user\downloads\053f5f6dcae530e192e5d6e01273912cc0b5c9db_0000152576 | Synchronize,Write Attributes |
| c:\users\user\downloads\053f5f6dcae530e192e5d6e01273912cc0b5c9db_0000152576.tomgkbbt6 | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\downloads\053f5f6dcae530e192e5d6e01273912cc0b5c9db_0000152576.tomgkbbt6 | Synchronize,Write Data |
| c:\users\user\downloads\22786699bf86b9b3fa2e358dc51c7eebdf286e3c_0000151040 | Generic Write,Read Attributes |
| c:\users\user\downloads\22786699bf86b9b3fa2e358dc51c7eebdf286e3c_0000151040 | Synchronize,Write Attributes |
| c:\users\user\downloads\22786699bf86b9b3fa2e358dc51c7eebdf286e3c_0000151040.qiukhx6rz | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\downloads\22786699bf86b9b3fa2e358dc51c7eebdf286e3c_0000151040.qiukhx6rz | Synchronize,Write Data |
| c:\users\user\downloads\60b6936ccbe68512cf79c026ca8a69afc1975de1_0000150528 | Generic Write,Read Attributes |
| c:\users\user\downloads\60b6936ccbe68512cf79c026ca8a69afc1975de1_0000150528 | Synchronize,Write Attributes |
| c:\users\user\downloads\60b6936ccbe68512cf79c026ca8a69afc1975de1_0000150528.ihunyhish | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\downloads\60b6936ccbe68512cf79c026ca8a69afc1975de1_0000150528.ihunyhish | Synchronize,Write Data |
| c:\users\user\downloads\6a2b4b179df052f27383d4e9c534a62b380c7f96_0000157184 | Generic Write,Read Attributes |
| c:\users\user\downloads\6a2b4b179df052f27383d4e9c534a62b380c7f96_0000157184 | Synchronize,Write Attributes |
| c:\users\user\downloads\6a2b4b179df052f27383d4e9c534a62b380c7f96_0000157184.qnniwukt9 | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\downloads\6a2b4b179df052f27383d4e9c534a62b380c7f96_0000157184.qnniwukt9 | Synchronize,Write Data |
| c:\users\user\downloads\8bfd53b4875bb1d97f74a9a99e2539339052b11b_0000151040 | Generic Write,Read Attributes |
| c:\users\user\downloads\8bfd53b4875bb1d97f74a9a99e2539339052b11b_0000151040 | Synchronize,Write Attributes |
| c:\users\user\downloads\8bfd53b4875bb1d97f74a9a99e2539339052b11b_0000151040.wfoahhbsk | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\downloads\8bfd53b4875bb1d97f74a9a99e2539339052b11b_0000151040.wfoahhbsk | Synchronize,Write Data |
| c:\users\user\downloads\9947000a2e595d5c109049bac957f0e28dc59752_0000148992 | Generic Write,Read Attributes |
| c:\users\user\downloads\9947000a2e595d5c109049bac957f0e28dc59752_0000148992 | Synchronize,Write Attributes |
| c:\users\user\downloads\9947000a2e595d5c109049bac957f0e28dc59752_0000148992.kjhvigujl | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\downloads\9947000a2e595d5c109049bac957f0e28dc59752_0000148992.kjhvigujl | Synchronize,Write Data |
| c:\users\user\downloads\b9e105f13d7129a497932d7ef45d5b9d33bdbd97_0000152576 | Generic Write,Read Attributes |
| c:\users\user\downloads\b9e105f13d7129a497932d7ef45d5b9d33bdbd97_0000152576 | Synchronize,Write Attributes |
| c:\users\user\downloads\b9e105f13d7129a497932d7ef45d5b9d33bdbd97_0000152576.xxmv9cx9y | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\downloads\b9e105f13d7129a497932d7ef45d5b9d33bdbd97_0000152576.xxmv9cx9y | Synchronize,Write Data |
| c:\users\user\downloads\ihunyhish.readme.txt | Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144 |
| c:\users\user\downloads\kjhvigujl.readme.txt | Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144 |
| c:\users\user\downloads\qiukhx6rz.readme.txt | Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144 |
| c:\users\user\downloads\qnniwukt9.readme.txt | Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144 |
| c:\users\user\downloads\tomgkbbt6.readme.txt | Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144 |
| c:\users\user\downloads\wfoahhbsk.readme.txt | Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144 |
| c:\users\user\downloads\xxmv9cx9y.readme.txt | Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144 |
| c:\users\user\ihunyhish.readme.txt | Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144 |
| c:\users\user\kjhvigujl.readme.txt | Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144 |
9 additional files are not displayed above.
Registry Modifications
This section lists registry keys and values that were created, modified and/or deleted by samples in this family. Windows Registry activity can provide valuable insight into malware functionality. Additionally, malware often creates registry values to allow itself to automatically start and indefinitely persist after an initial infection has compromised the system. The keys below are not autostart entries: each sample registers its appended extension as a file type under HKLM\Software\Classes and points that type's DefaultIcon at the .ico it dropped in C:\ProgramData, so encrypted files display a custom icon in Explorer.
| Key::Value | Data | API Name |
|---|---|---|
| HKLM\software\classes\.kjhvigujl:: | kjhVigUjl | RegNtPreCreateKey |
| HKLM\software\classes\kjhvigujl\defaulticon:: | C:\ProgramData\kjhVigUjl.ico | RegNtPreCreateKey |
| HKLM\software\classes\.kficlsimm:: | KFIclsIMM | RegNtPreCreateKey |
| HKLM\software\classes\kficlsimm\defaulticon:: | C:\ProgramData\KFIclsIMM.ico | RegNtPreCreateKey |
| HKLM\software\classes\.xxmv9cx9y:: | xxmV9Cx9Y | RegNtPreCreateKey |
| HKLM\software\classes\xxmv9cx9y\defaulticon:: | C:\ProgramData\xxmV9Cx9Y.ico | RegNtPreCreateKey |
| HKLM\software\classes\.tomgkbbt6:: | tOmGkbBt6 | RegNtPreCreateKey |
| HKLM\software\classes\tomgkbbt6\defaulticon:: | C:\ProgramData\tOmGkbBt6.ico | RegNtPreCreateKey |
| HKLM\software\classes\.qnniwukt9:: | QNNiwUKT9 | RegNtPreCreateKey |
| HKLM\software\classes\qnniwukt9\defaulticon:: | C:\ProgramData\QNNiwUKT9.ico | RegNtPreCreateKey |
| HKLM\software\classes\.qiukhx6rz:: | QiukhX6Rz | RegNtPreCreateKey |
| HKLM\software\classes\qiukhx6rz\defaulticon:: | C:\ProgramData\QiukhX6Rz.ico | RegNtPreCreateKey |
| HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 | | RegNtPreCreateKey |
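Read together, the Files Modified and Registry Modifications tables describe one repeatable pattern per sample: a nine-character extension token, a <token>.readme.txt note in every directory traversed, victim files renamed with .<token> appended, a <token>.ico written to C:\ProgramData, and Classes\.<token> plus <token>\DefaultIcon keys binding the two. The following is an added example, not EnigmaSoft's tooling, that turns that pattern into correlation logic over file and registry events. The event lists are constructed to mirror the rows above (report.docx, install.log and notes.txt are invented stand-ins for a victim file and benign noise), the scoring thresholds are this example's own choice, and decode_leftover() assumes that the "LEFT <n>" token is the undecoded remainder of the requested access mask.

```python
import re
from collections import defaultdict

# Constructed events modelled on the Files Modified and Registry Modifications rows above.
# "report.docx" stands in for an arbitrary victim file; the .log/.txt rows are benign noise.
FILE_EVENTS = [
    (r"c:\users\user\downloads\report.docx", "Generic Write,Read Attributes"),
    (r"c:\users\user\downloads\report.docx.kjhvigujl", "Generic Read,Write Data,Write Attributes,Write extended,Append data"),
    (r"c:\users\user\downloads\kjhvigujl.readme.txt", "Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144"),
    (r"c:\users\kjhvigujl.readme.txt", "Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144"),
    (r"c:\kjhvigujl.readme.txt", "Generic Write,Read Attributes"),
    (r"c:\programdata\kjhvigujl.ico", "Generic Write,Read Attributes"),
    (r"c:\$recycle.bin\s-1-5-18\aaaaaaaaaaa", "Synchronize,Write Data"),
    (r"c:\users\user\appdata\local\temp\install.log", "Generic Write"),
    (r"c:\users\user\documents\notes.txt", "Generic Write,Read Attributes"),
]
REG_EVENTS = [
    (r"HKLM\software\classes\.kjhvigujl", "kjhVigUjl"),
    (r"HKLM\software\classes\kjhvigujl\defaulticon", r"C:\ProgramData\kjhVigUjl.ico"),
    (r"HKLM\software\classes\.txt", "txtfile"),
]

# Every extension token in the report is nine lower-case letters/digits; paths and keys are case-folded.
TOKEN = r"([a-z0-9]{9})"
NOTE_RE = re.compile(r"^(.*)\\" + TOKEN + r"\.readme\.txt$")            # <dir>\<ext>.readme.txt
ICON_RE = re.compile(r"^c:\\programdata\\" + TOKEN + r"\.ico$")         # C:\ProgramData\<ext>.ico
RENAMED_RE = re.compile(r"\\[^\\]*\." + TOKEN + r"$")                   # <victim file>.<ext>
CLASS_RE = re.compile(r"^hklm\\software\\classes\\\." + TOKEN + r"$")
DEFICON_RE = re.compile(r"^hklm\\software\\classes\\" + TOKEN + r"\\defaulticon$")
RECYCLE_RE = re.compile(r"^c:\\\$recycle\.bin\\s-[\d-]+\\(.)\1{7,}$")  # aaaaaaaaaaa, bbbbbbbb, ...

# Standard access rights (winnt.h); used to name the bits behind "LEFT <n>".
STANDARD_RIGHTS = {0x10000: "DELETE", 0x20000: "READ_CONTROL", 0x40000: "WRITE_DAC",
                   0x80000: "WRITE_OWNER", 0x100000: "SYNCHRONIZE"}


def decode_leftover(attributes: str) -> list:
    """Name the standard-rights bits in a 'LEFT <n>' token (assumed to be undecoded mask bits)."""
    m = re.search(r"LEFT (\d+)", attributes)
    if not m:
        return []
    mask = int(m.group(1))
    return [name for bit, name in STANDARD_RIGHTS.items() if mask & bit]


def correlate(file_events, reg_events):
    """Group artifacts by extension token and score each token.

    Returns (evidence, verdicts). A token is 'ransomware-extension-binding' when at least
    two independent anchors (note in 2+ directories, icon drop, class key, DefaultIcon key)
    co-occur with at least one renamed file; the thresholds are this example's, not the report's."""
    evidence = defaultdict(lambda: {"note_dirs": set(), "renamed": 0,
                                    "icon": False, "class_key": False, "default_icon": False})
    for path, _access in file_events:
        p = path.lower()
        if (m := NOTE_RE.match(p)):
            evidence[m.group(2)]["note_dirs"].add(m.group(1))
        elif (m := ICON_RE.match(p)):
            evidence[m.group(1)]["icon"] = True
        elif (m := RENAMED_RE.search(p)):
            evidence[m.group(1)]["renamed"] += 1
    for key, _data in reg_events:
        k = key.lower()
        if (m := CLASS_RE.match(k)):
            evidence[m.group(1)]["class_key"] = True
        elif (m := DEFICON_RE.match(k)):
            evidence[m.group(1)]["default_icon"] = True
    verdicts = {}
    for ext, e in evidence.items():
        anchors = sum([len(e["note_dirs"]) >= 2, e["icon"], e["class_key"], e["default_icon"]])
        if anchors >= 2 and e["renamed"] >= 1:
            verdicts[ext] = "ransomware-extension-binding"
        elif anchors >= 1:
            verdicts[ext] = "suspicious"
    return dict(evidence), verdicts


def recycle_bin_fillers(file_events) -> list:
    """Paths under $Recycle.Bin whose name is a single letter repeated, as in the report's rows."""
    return [path for path, _ in file_events if RECYCLE_RE.match(path.lower())]


if __name__ == "__main__":
    evidence, verdicts = correlate(FILE_EVENTS, REG_EVENTS)
    for ext, verdict in verdicts.items():
        print(ext, verdict, evidence[ext])
    print("recycle-bin fillers:", recycle_bin_fillers(FILE_EVENTS))
    print("LEFT 262144 ->", decode_leftover(FILE_EVENTS[2][1]))
```

The registry data for the Classes key (kjhVigUjl) is the same token in mixed case, which is why both sides are lower-cased before matching. Requiring two anchors plus a renamed file keeps a lone nine-character extension (or a single note file) from triggering on its own.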
Windows API Usage
This section lists Windows API calls that are used by the samples in this family. Windows API usage analysis is a valuable tool that can help identify malicious activity, such as keylogging, security privilege escalation, data encryption, data exfiltration, interference with antivirus software, and network request manipulation.
| Category | API |
|---|---|
| Other Suspicious | |