General

  • Target

    MATWORLD_QUOTE221.exe

  • Size

    959KB

  • Sample

    200711-atcrktmrse

  • MD5

    f67268e684c9c3c9aec485d3b8011d57

  • SHA1

    12872aad2d3327b5cd32d1b2af56c2667aa74add

  • SHA256

    0874b3168d4582178f30aac5d4e86a935228aa76e68754692539105c51059467

  • SHA512

    1a084d70cd1964e4ea1f9b140c83d40495b6d2ee3ad88eef76917ab5b871e88adf329648e1c00dbbdf2b6cc072a16cc9e3b25db8cc5c821a6b46b6f5ae24d140

Score
9/10

Malware Config

Targets

    • Target

      MATWORLD_QUOTE221.exe

    • Looks for VirtualBox Guest Additions in registry

    • Looks for VMWare Tools registry key

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

Tactic      Technique                      ID      Signatures
Discovery   Query Registry                 T1012   4
Discovery   System Information Discovery   T1082   4
Discovery   Peripheral Device Discovery    T1120   1

Tasks