BlackMatter.M Ransomware

By CagedTech in Ransomware

Table of Contents

Analysis Report

General information

Family Name:	BlackMatter.M Ransomware
Signature status:	No Signature

Known Samples

MD5: 06434792433517e97edfa9ac0908e80e

SHA1: b129180aecb84726b0b9093a7f0c3b9130334e6f

SHA256: 9B524739BB5311E3D29CE7CA00F494F4820C408AD2F22C7AA2FA09B0B4B9BEE1

File Size: 161.79 KB, 161792 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have exports table
File doesn't have resources
File doesn't have security information
File is 32-bit executable
File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
File is Native application (NOT .NET application)
File is not packed
IMAGE_FILE_DLL is not set inside PE header (Executable)

IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Traits

2+ executable sections
HighEntropy
No Version Info
x86

Block Information

Total Blocks:	364
Potentially Malicious Blocks:	313
Whitelisted Blocks:	51
Unknown Blocks:	0

Visual Map

x 0 0 0 x x x x 0 x x x x x x x x x 0 0 0 0 0 0 0 0 0 0 x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x 0 x x x x x x x x x x x x x x x 0 x x x x x x x x x 0 0 x 0 x x x x x x x x 0 x x x x x x x x 0 x x 0 x 0 x x x x x x 0 x 1 x x x 1 x 1 x 0 x 0 x x x x x x x x 0 x 0 x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x 0 x x x x x x x x x x x x 0 0 x 0 x x x x x x x x x x x x x x x x 0 x x x x x x x x 0 x 0 x x x x x 0 x x x x x x x x 0 x x x x x 0 x x x x x x 0 x x x x x x x x x x x x x x 0 x x x x x x x 0 x 0 x x x x x x x x x x x x x x x x x x x x 0 x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x 0 x x x x x x x x 0 0 x x x x 0 0 x x x x

0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

BlackMatter.A
BlackMatter.B
BlackMatter.D
BlackMatter.F
BlackMatter.M

Files Modified

File	Attributes
	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
	Generic Write,Read Attributes,Delete,LEFT 262144
	Generic Write,Read Data,Read Attributes,Delete,LEFT 262144
\\	Generic Write,Read Attributes
\\	Synchronize,Write Attributes
c:\$recycle.bin\s-1-5-18\aaaaaaaaaaa	Synchronize,Write Data
c:\$recycle.bin\s-1-5-18\bbbbbbbbbbb	Synchronize,Write Data
c:\$recycle.bin\s-1-5-18\ccccccccccc	Synchronize,Write Data
c:\$recycle.bin\s-1-5-18\ddddddddddd	Synchronize,Write Data
c:\$recycle.bin\s-1-5-18\desktop.ini	Generic Write,Read Attributes

c:\$recycle.bin\s-1-5-18\eeeeeeeeeee	Synchronize,Write Data
c:\$recycle.bin\s-1-5-18\fffffffffff	Synchronize,Write Data
c:\$recycle.bin\s-1-5-18\ggggggggggg	Synchronize,Write Data
c:\$recycle.bin\s-1-5-18\hhhhhhhhhhh	Synchronize,Write Data
c:\$recycle.bin\s-1-5-18\iiiiiiiiiii	Synchronize,Write Data
c:\$recycle.bin\s-1-5-18\jjjjjjjjjjj	Synchronize,Write Data
c:\$recycle.bin\s-1-5-18\kkkkkkkkkkk	Synchronize,Write Data
c:\$recycle.bin\s-1-5-18\lllllllllll	Synchronize,Write Data
c:\$recycle.bin\s-1-5-18\mmmmmmmmmmm	Synchronize,Write Data
c:\$recycle.bin\s-1-5-18\nnnnnnnnnnn	Synchronize,Write Data
c:\$recycle.bin\s-1-5-18\ooooooooooo	Synchronize,Write Data
c:\$recycle.bin\s-1-5-18\ppppppppppp	Synchronize,Write Data
c:\$recycle.bin\s-1-5-18\qqqqqqqqqqq	Synchronize,Write Data
c:\$recycle.bin\s-1-5-18\rrrrrrrrrrr	Synchronize,Write Data
c:\$recycle.bin\s-1-5-18\sssssssssss	Synchronize,Write Data
c:\$recycle.bin\s-1-5-18\ttttttttttt	Synchronize,Write Data
c:\$recycle.bin\s-1-5-18\uuuuuuuuuuu	Synchronize,Write Data
c:\$recycle.bin\s-1-5-18\vvvvvvvvvvv	Synchronize,Write Data
c:\$recycle.bin\s-1-5-18\wwwwwwwwwww	Synchronize,Write Data
c:\$recycle.bin\s-1-5-18\xxxxxxxxxxx	Synchronize,Write Data
c:\$recycle.bin\s-1-5-18\yyyyyyyyyyy	Synchronize,Write Data
c:\$recycle.bin\s-1-5-18\zzzzzzzzzzz	Synchronize,Write Data
c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\aaaaaaaaaaa	Synchronize,Write Data
c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\bbbbbbbbbbb	Synchronize,Write Data
c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\ccccccccccc	Synchronize,Write Data
c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\ddddddddddd	Synchronize,Write Data
c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\desktop.ini	Generic Write,Read Attributes
c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\eeeeeeeeeee	Synchronize,Write Data
c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\fffffffffff	Synchronize,Write Data
c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\ggggggggggg	Synchronize,Write Data
c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\hhhhhhhhhhh	Synchronize,Write Data
c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\iiiiiiiiiii	Synchronize,Write Data
c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\jjjjjjjjjjj	Synchronize,Write Data
c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\kkkkkkkkkkk	Synchronize,Write Data
c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\lllllllllll	Synchronize,Write Data
c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\mmmmmmmmmmm	Synchronize,Write Data
c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\nnnnnnnnnnn	Synchronize,Write Data
c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\ooooooooooo	Synchronize,Write Data
c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\ppppppppppp	Synchronize,Write Data
c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\qqqqqqqqqqq	Synchronize,Write Data
c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\rrrrrrrrrrr	Synchronize,Write Data
c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\sssssssssss	Synchronize,Write Data
c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\ttttttttttt	Synchronize,Write Data
c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\uuuuuuuuuuu	Synchronize,Write Data
c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\vvvvvvvvvvv	Synchronize,Write Data
c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\wwwwwwwwwww	Synchronize,Write Data
c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\xxxxxxxxxxx	Synchronize,Write Data
c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\yyyyyyyyyyy	Synchronize,Write Data
c:\$recycle.bin\s-1-5-21-3119368278-1123331430-659265220-1001\zzzzzzzzzzz	Synchronize,Write Data
c:\$winreagent\gh8h2gdmi.readme.txt	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\gh8h2gdmi.readme.txt	Generic Write,Read Attributes
c:\inetpub\gh8h2gdmi.readme.txt	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\programdata\gh8h2gdmi.ico	Generic Write,Read Attributes
c:\sandbox_local\gh8h2gdmi.readme.txt	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\sandbox_stage\gh8h2gdmi.readme.txt	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\startup_test\gh8h2gdmi.readme.txt	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\gh8h2gdmi.readme.txt	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\downloads\b129180aecb84726b0b9093a7f0c3b9130334e6f_0000161792	Generic Write,Read Attributes
c:\users\user\downloads\b129180aecb84726b0b9093a7f0c3b9130334e6f_0000161792	Synchronize,Write Attributes
c:\users\user\downloads\b129180aecb84726b0b9093a7f0c3b9130334e6f_0000161792.gh8h2gdmi	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\b129180aecb84726b0b9093a7f0c3b9130334e6f_0000161792.gh8h2gdmi	Synchronize,Write Data
c:\users\user\downloads\gh8h2gdmi.readme.txt	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\gh8h2gdmi.readme.txt	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144

Registry Modifications

Key::Value	Data	API Name
HKLM\software\classes\.gh8h2gdmi::	gH8h2Gdmi	RegNtPreCreateKey
HKLM\software\classes\gh8h2gdmi\defaulticon::	C:\ProgramData\gH8h2Gdmi.ico	RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey

EnigmaSoft’s Payment Processor Digital River GmbH Filing for Bankruptcy Does Not Impact SpyHunter Customers’ Anti-Malware Protection

Search

Change Region

BlackMatter.M Ransomware

Analysis Report

General information

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

File Traits

Block Information

Block Information

Visual Map

Similar Families

Similar Families

Files Modified

Files Modified

Registry Modifications

Registry Modifications

Submit Comment

Trending

Trojan.Kryptik.JUD

Trojan.Agent.MBD

PUP.Baidu.A

Most Viewed

Pornktube.porn

How To Fix 'Printer Driver is Unavailable' Error

Discord Shows Black Screen when Sharing Screen