General

  • Target

    MatSploit.zip

  • Size

    37.5MB

  • Sample

    230319-es3rrseg87

  • MD5

    cf15fa0f7d00a6eafddf9ebbe6a29f42

  • SHA1

    2eb59ea8bf77cd1d484536e085d111cd8a24d83f

  • SHA256

    e379bcb7b5b2e75b2bb54b8fec093dc0e026d226a822a2b72b2593f7c6fad37f

  • SHA512

    c98f6835f95fd4df8222cb265ee48f01f0269d8c0d47a5bc0336051ab343af2872092ea8f435699ab196f969c356a8e8e3a80ee0623b18a47ef0b614b5362793

  • SSDEEP

    786432:YA3FgAQuk+wMKYja5/wAefj82w/cgclA7qQSV0q7:YeFJJkDDYjYrefo2w/cJUVHi

Score
8/10

Malware Config

Targets

    • Target

      MatSploit/MatSploit.exe

    • Size

      2.5MB

    • MD5

      d00ac2e7d8e9b6ba3188803477ba7bc7

    • SHA1

      1ac71ddd70867836969f3b65d40f3d2c8e5619be

    • SHA256

      0d8822260ec449eaa05b664913e9722d93da48806ef1d22601bd7ba588083359

    • SHA512

      63c230239cc6838f99207a794b3b0346f245d8b021751acf8635ecd8c44fd4884bc3c1810c26bacf808b41d91ee3380925d94cc6b5c4b5d8d27d62ab23884368

    • SSDEEP

      49152:0r03f94DlM5D83gzEHGtReCMVBrbTK7Y/n3cFT+VP+5KO9OQiUZ8o5:C03fuDSo3gzEHGjduNyYEZ+Kv99OA

    Score
    8/10
    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v6

Tasks