Overview

overview

8

Static

static

8

400.184/mats

ubuntu-18.04-amd64

1

400.184/mods

ubuntu-18.04-amd64

5

mats.img

windows7-x64

3

mats.img

windows10-2004-x64

3

rufus-3.13.exe

windows7-x64

8

rufus-3.13.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Mats RTX.rar

  • Size

    81MB

  • Sample

    230125-mpngnsfg48

  • MD5

    5ca90ca94f8c6b7d5b488c30f1ad0df4

  • SHA1

    f1595e5ab291e92a0b4bb30015b98c74b6a47c61

  • SHA256

    2c8f2cd14cc4456efa6cee74089b3e97363d0ea33bc809eb091fc0c0d39efe5b

  • SHA512

    ce7e7834873fe821d1948083c6ecf8a1877fdfe2f7b2f694b96acd172b8246c958a4fcb2afd4c81204d3b09a4330346843977c92bbc5d2a21940a44f2b2f43b0

  • SSDEEP

    1572864:gb48VXfDa0LXlzIFs1CVt8YE4mnrgifKjQoIMCnHTih+mYr:gb1D74SCFE3rgFkO6HTMTYr

Score
8/10
evasionlinuxtrojanupx

Malware Config

Targets

    • Target

      400.184/mats

    • Size

      1MB

    • MD5

      b5687e6cce10dbee5bb2bd4e498ed274

    • SHA1

      b23829db09196f0754290fa2c4601027097ec5bb

    • SHA256

      66918ac48a239c0fb7270d9d11ffe646b8275bf1b47d648eda595b58b9148ad0

    • SHA512

      4e84e03f1acf1c34ac406eb5a90d65e7ff21c052f30e7473ceb652e9f25ab5f34b11463dbd0d5febb5d2bc6840962cdfb3da2dca04fff8336b86a3c4d70f8d15

    • SSDEEP

      24576:B2Zc6+SVS8e+5Pgh6vZYYh4AhSvwkwrZZJqw2SBCwdYWp2OataogXOj2GcE:B2oMeGgh6v3XhSvwkwrzjKWQ4oPjbcE

    Score
    1/10
    behavioral1

    • Target

      400.184/mods

    • Size

      23MB

    • MD5

      39c86e0c3102034f7ae30e653e3afeba

    • SHA1

      ccfd6c1570473e4851ebf255a8519c8ad8c9f1da

    • SHA256

      4af640f74e44fc56aefe76d6d36ee3070e4304c8844b5d73028269f3845d2e56

    • SHA512

      4df53717a9742a8540f042352bab6a13bd2848cf3b776643dc4a461985daef1c7ba78cd6dd9cb7d7ac8478cc8ed86342ebeb1793bf8d918a7590c504d072d1da

    • SSDEEP

      393216:lOlQz0IDS/EJRpgvVjhYuzbrHkAERJj/HCmcansl4WySvd3Lg5jCQ13QFyEiRdR:4lQzH4ESVjhhXrkAC/HPcaQt7iBW3iRf

    Score
    5/10

    • Reads runtime system information

      Reads data from /proc virtual filesystem.

    • Writes file to tmp directory

      Malware often drops required files in the /tmp directory.

    behavioral2

    • Target

      mats.img

    • Size

      66MB

    • MD5

      707db4d641a2bb3e14bb91327b75ee87

    • SHA1

      acf77d5cffa8ebce597f80ca4c9b01b351352c3b

    • SHA256

      eac96ab9a056461c4560066936c8af173d17d18ac8af68e373fc07d73244e8dc

    • SHA512

      b27648968a389059af9cb3749c56dbd9a0c5234b44621d063cfde948eeaf9550cd9e89c4b7aa971427d6508efb8aecb3e8e6f7b5cc8a16b008d6c8e83382b9f5

    • SSDEEP

      1572864:3YmMX2KKYtxefLs1FZ9bE4P8+2t8qL70SmO:IRX2KttHX4

    Score
    3/10
    behavioral3behavioral4

    • Target

      rufus-3.13.exe

    • Size

      1MB

    • MD5

      c844fa688f3aafa80790ecd6a204bbb7

    • SHA1

      da498e3e80186ee16620f56a601e19fbdc1f8551

    • SHA256

      ec3136b053bd1559ad7ec1ea104113898093b886bf519e6117b138ef2e691cbb

    • SHA512

      442ab6f55fe3b9b648290d4f4ff6ac6bd3d3fe906936bbb26f7a9b31b52ff02aab6601cf342d3e11f705260585708aff80b45cf40633daf69d41d691d399a4df

    • SSDEEP

      24576:PakG2227tNDajxxTL6vpBedHlDW5nROQ7X1yBhpzAn:CtRwajxFL6vpwdHlcg01yB/z

    Score
    8/10
    evasiontrojanupx

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Checks whether UAC is enabled

      evasiontrojan

    • Drops file in System32 directory

    behavioral5behavioral6

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

1
T1130

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

3
T1082

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks