MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d84629725c1f765d4413ca1f2157c19e8a52d8b1fd603473853026cf93168b94. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Ransomware.BlackMatter


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d84629725c1f765d4413ca1f2157c19e8a52d8b1fd603473853026cf93168b94
SHA3-384 hash: 1f1b0b92ffe93f3d632bc436085145517e226637cff7c3b6b0a6fa16b2a53e101ed7c8c7f946d88510c0438817c21b3b
SHA1 hash: af3f2ff4d03346b2bb8b959db96ddc431a6eadcb
MD5 hash: adde5bf696564d04e75df69a4fbf5fd8
humanhash: pasta-papa-johnny-single
File name:Document.zip
Download: download sample
Signature Ransomware.BlackMatter
Create hunting rule
File size:12'276 bytes
First seen:2024-04-29 13:17:44 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 192:1iseH9Bzw+saP0JjFvGpnSusSNR3Vf3Z5vcH0mR+cUx7oWmFnj0Vmz6qHaU42:11eHg+swKKn8633ZVi0e+HodnIVmz60r
TLSH T19B42BFEB51E55C6EFC152FAF6FB1EFD6B6B0F4A0AE83285166C1A0D217AB611B010018
TrID 80.0% (.ZIP) ZIP compressed archive (4000/1)
20.0% (.PG/BIN) PrintFox/Pagefox bitmap (640x800) (1000/1)
Reporter cocaman
Tags:Ransomware.BlackMatter zip


Avatar
cocaman
Malicious email (T1566.001)
From: "Jenny Green <Jenny@gsd.com>" (likely spoofed)
Received: "from [89.144.157.107] (unknown [89.144.157.107]) "
Date: "Mon, 29 Apr 2024 16:58:36 +0430"
Subject: "Your Document"
Attachment: "Document.zip"

Intelligence

File Origin
# of uploads :
1
# of downloads :
116
Origin country :
CH CH
File Archive Information

This file archive contains 1 file(s), sorted by their relevance:

File name:Document.doc.scr
File size:39'196 bytes
SHA256 hash: fef8602c604534d9bfed5fc0151dac2454d5f1db980eda8f13ec113746d5839f
MD5 hash: e899320be6735decd10f17f3e9fb4f8f
MIME type:application/x-dosexec
Signature Ransomware.BlackMatter
Vendor Threat Intelligence
Gathering data
Verdict:
Suspicious
Labled as:
Troj/Invo
Link:
https://www.hybrid-analysis.com/sample/d84629725c1f765d4413ca1f2157c19e8a52d8b1fd603473853026cf93168b94
Result
Verdict:
MALICIOUS
Link:
https://labs.inquest.net/dfi/sha256/d84629725c1f765d4413ca1f2157c19e8a52d8b1fd603473853026cf93168b94
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/d84629725c1f765d4413ca1f2157c19e8a52d8b1fd603473853026cf93168b94/
Threat name:
Binary.Trojan.MintZard
Create hunting rule
Status:
Malicious
First seen:
2024-04-29 13:17:46 UTC
File Type:
Binary (Archive)
Extracted files:
4
AV detection:
8 of 38 (21.05%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=3bdcs4s4d53f2ratzipscv6bt2fffwfr7vqdi44fgatm7eywroka._file
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/240429-qmtgpabe64/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/d84629725c1f765d4413ca1f2157c19e8a52d8b1fd603473853026cf93168b94

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Ransomware.BlackMatter

zip d84629725c1f765d4413ca1f2157c19e8a52d8b1fd603473853026cf93168b94

(this sample)

  
Delivery method
Distributed via e-mail attachment

Comments