4f59429fb16674587e462f66c5732b51d211df9bcce758eec5b31046f05a2d60

Sharing

Copy URL

Twitter E-mail

General

Target

MatSploit.rar
Size

8.8MB
Sample

230323-t7hgpsgh74
MD5

6d9593c0b6e8cf81b323bb5453736f17
SHA1

74b23a9cf26009b311e1f1b853f9284c5c426f27
SHA256

4f59429fb16674587e462f66c5732b51d211df9bcce758eec5b31046f05a2d60
SHA512

adb0c2bc93c32208b52aec01cd6be5af810389410caf1d81b12a31a699483178f1ddc9f30d37ddc3d93680a872c6e768e556cee8ebb0d706b1504ca310e77f66
SSDEEP

196608:/vecjlVi2vDWmm1PTlbEfT7Pe4Nc7EdPjifLZqEM4PoMxSh0Ih5Y:Hl7WZ1PpCTre4a7EdPWd3QgSDY

Score

8^/10

vmprotect

Malware Config

Targets

- Target
  
  MatSploit.rar
- Size
  
  8.8MB
- MD5
  
  6d9593c0b6e8cf81b323bb5453736f17
- SHA1
  
  74b23a9cf26009b311e1f1b853f9284c5c426f27
- SHA256
  
  4f59429fb16674587e462f66c5732b51d211df9bcce758eec5b31046f05a2d60
- SHA512
  
  adb0c2bc93c32208b52aec01cd6be5af810389410caf1d81b12a31a699483178f1ddc9f30d37ddc3d93680a872c6e768e556cee8ebb0d706b1504ca310e77f66
- SSDEEP
  
  196608:/vecjlVi2vDWmm1PTlbEfT7Pe4Nc7EdPjifLZqEM4PoMxSh0Ih5Y:Hl7WZ1PpCTre4a7EdPWd3QgSDY
Score

3^/10
behavioral1 behavioral2
- Target
  
  BootsTrapperU.exe
- Size
  
  165KB
- MD5
  
  8b57e3af9a6b863fbe0746db752eba75
- SHA1
  
  bca3c16f360dc795cb31882c04c9ff0ec4d20511
- SHA256
  
  ee6e94dcb0f4bb34d487919faee67b4c178daee696d5bc84b229a24c8cad1c6f
- SHA512
  
  1799155f917d2a47691745c71b9e5dcb5b21e05fd5a7ae3105a6375bf2a5b5fdf944fc773177f670ea051bf0098a5c9685e14dba67c676fb0a5cdb51f46e4add
- SSDEEP
  
  3072:wxhMfvkWEpAJvlOT/NAWCNsxi8fdMznFHTfgCkPbQN982cUJWVgVK5o6V9207o0+:wxCfvkWEe9hWc8fdMFHrsPbbo742wb3B
Score

8^/10
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
behavioral3 behavioral4
- Target
  
  DiscordRPC.dll
- Size
  
  83KB
- MD5
  
  813014542935ce0b3286ca76fc98d2fa
- SHA1
  
  95d54fc8efffdad935fe336bc67e12548cd9ed0f
- SHA256
  
  2d0e1b4688a113309fe39a7453d2ceecb1a37197562ae6deb0fda2aff33295b2
- SHA512
  
  c62e4af133e389926e70960d038baa9c56bcc12a46251f5c35fdcb54e6c31272da4c1326982c3792aef431dbebd450b4e804a997ab1645cc7c1b179679184eb7
- SSDEEP
  
  1536:s2qVp5gEdkfdBPQsC9eVCyo9ZDH09EOUwSi++mfxsSFEjg:sdVp5DUVCHDg/dSt+mxE8
Score

1^/10
behavioral5 behavioral6
- Target
  
  ICSharpCode.AvalonEdit.dll
- Size
  
  604KB
- MD5
  
  85525afb01eafb7cd53e171344de4653
- SHA1
  
  65e4609b6e1d9d0de5568049687edd84fda6d2d3
- SHA256
  
  b5180b33e6bb8f215d69d91a6fab46e2e633b222095bcfcafba2530beb181eab
- SHA512
  
  3b30b7b4b32ab72ac0903e2053613bf0cd33c8f54879ca012dee12b319aa598e84329e59fc0edb19ad2b4ba6b6d25c12c88cbb78f655e3e6d6396ce909b10799
- SSDEEP
  
  6144:vYFY292KUWr402FLGPbZbhhJNE0YXOfM+kVsjXs+3lR0jqItEkjoM:Qm70Q271E0YXHClfK
Score

1^/10
behavioral7 behavioral8
- Target
  
  ICSharpCode.AvalonEdit.xml
- Size
  
  582KB
- MD5
  
  5bd494ea6ab9ed3a0dd5f4736a6c1f8d
- SHA1
  
  9ffb4fa061171eeba0714cad028c4655aa2d241c
- SHA256
  
  a8de4e43ec6747781a7e01a7e5d51c92cffff32879e6bc3795c75c9ac90fd9cf
- SHA512
  
  60eb5a1a8b253e680bfe4340c2ef4810ef3089124959804436a1a910a8750208972623923e7613a03a41db0d08a93c568c7b424a5406bb5ea40453f2c617a71c
- SSDEEP
  
  6144:sFilxsTCj3BkjMG8AitANoPNzLINIFlhgTS9ycdxyhxYYbqEt:9g2Yc4
Score

1^/10
behavioral10 behavioral9
- Target
  
  MatSploit.exe
- Size
  
  1.6MB
- MD5
  
  28bb98b32516829a00facf1232514479
- SHA1
  
  2c3fe53d4ddaa31bb09d3136ea8102697a0ebcf9
- SHA256
  
  6de25bc2a38be29578d61366fd5a789a58896dbe1c467f305f31e289d120e4a5
- SHA512
  
  8c121038c006039b057fe424d586647e732ee18f33526d7cee32b955666c0930ce6023cf45cfa2511a765f6c8a1fe0a6f5618bc9d88ae094ed86790edcd8a0ac
- SSDEEP
  
  49152:ySIgFm/3uuUX4ykWAfi313LfCzCcwSGO:HIgFmHUGaF3jecSGO
Score

8^/10
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
behavioral11 behavioral12
- Target
  
  bin/BootstrapperVersion.txt
- Size
  
  6B
- MD5
  
  a19f30071f8ac5c3999b7328ad578380
- SHA1
  
  3a9076f4bf68ae9702aba10239ab9b6840c203de
- SHA256
  
  c8d40e3fc93e328816f7a6ec5faf2cc18d6f89dccec4ee591280466223446540
- SHA512
  
  a4e3b0a8eb943f258224fc40d03fb6980258c1b21b2042c0d82dfa3f70c787a50943c2c11271c7ad638c9940aa60bdd1934edc94c9f3d572da71baf49701a082
Score

1^/10
behavioral13 behavioral14
- Target
  
  bin/MatSploit.dll
- Size
  
  6.9MB
- MD5
  
  569a4787d78d9265ce8e554866782dff
- SHA1
  
  2977bdf2ab1aaf1ca7d4fce317688704e4128d43
- SHA256
  
  8507d520156b39254eeef619c8319cf2bef874ed2ea0cd2f58ddbc9202183d25
- SHA512
  
  1fe9664798bcdc1d74392ab1fa86db25932cbac20c5e24f0c3291911c2569e88373222f9e7925c148ed234957aade020687a501f58189ab7a3d16eb77e7f1aed
- SSDEEP
  
  196608:Fv+Lg8T+IrHUnc62aksjpMpAgpmO4EfaYbT:Fv5E0lksNMuamU
Score

8^/10

vmprotect
- Blocklisted process makes network request
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral15 behavioral16
- Target
  
  bin/UIVersion.txt
- Size
  
  6B
- MD5
  
  ee2c4000487d47a50cf869219ac0d500
- SHA1
  
  69865aaf96159e1ded6beb846b91368963980385
- SHA256
  
  7643ff9e4dd6661e7473e1d484574bcf8e8d47ffbd6893a0fc2d9145a5bfe4ff
- SHA512
  
  8b30249bc9f56b53d74e7b2072fc3a6b071b292bf1b25e2787c6eae4972f63a4bc3645860b6a997858d97cc5f14080006f6ca3624cb15fa6ffebdf2a4496d55e
Score

1^/10
behavioral17 behavioral18
- Target
  
  bin/Zeus.exe
- Size
  
  8KB
- MD5
  
  d0c214ef8c16e66af2fccb2c82e3e1ce
- SHA1
  
  108c5c4f068f00105f9d15f1fb6395e9f8055392
- SHA256
  
  a6a52b01fdd172b2ed566b180a4cdd29ecd63961effca95f879a37969888551b
- SHA512
  
  11fcb87de42729dfc16b89699b0c4c81f2dbe63be902ac30d07c9dc3e6cea612cda80a8fede3582ad98535e53f684651674351b79d6bb0e4d09bcd6f89751962
- SSDEEP
  
  96:PbxXemmFrmDP0WUaEuir0nY9EpvAxr5LF3PFFqhz45Mn0jFzNt:PQSDP0WtEupY90AxrHChz45Mn4/
Score

1^/10
behavioral19 behavioral20
- Target
  
  bin/lua.xshd
- Size
  
  3KB
- MD5
  
  06c3876d77733fb64b8ec472afc77133
- SHA1
  
  10404820f6f7b1b3eba8be8ed11ce3873cdc1199
- SHA256
  
  4fe8128712ef9160e233ce05034046e90fba572a75f253853d8c21c8b1207a9c
- SHA512
  
  f7f76edd231772118152d3d6a3c2b0668adac4055057d5989cc17da9b15f76695a86debfe327ca149819b5478e89cb9f0ce51fd70753e5e4cd2eb4cc0e42a691
Score

1^/10
behavioral21 behavioral22
- Target
  
  bin/rbxfpsunlocker.exe
- Size
  
  485KB
- MD5
  
  0ad95de215bdee42c18c5833a5fc3dc6
- SHA1
  
  a22eb68776958b42b5fa147f15141b0f06f1557f
- SHA256
  
  fc3f95654a181920f05056063bce148fdad38c4b2cd28fa3870bd4e071c564d8
- SHA512
  
  fb5b22e8ac306a9d91bc90697a0ef38a9d89be807053e8687ad60262df57e2a2192a1edafd4d611431976026f6e46785973036ecbc91ecd42098f92a4eeff1f8
- SSDEEP
  
  6144:YIWaU6EMyPwt1pcLjY0AJyGsrKdR6xmdohketP6ShV:YIWaUMyPu1pwjmIrKdIWoKetzV
Score

3^/10
behavioral23 behavioral24
- Target
  
  bin/version.txt
- Size
  
  6B
- MD5
  
  ee2c4000487d47a50cf869219ac0d500
- SHA1
  
  69865aaf96159e1ded6beb846b91368963980385
- SHA256
  
  7643ff9e4dd6661e7473e1d484574bcf8e8d47ffbd6893a0fc2d9145a5bfe4ff
- SHA512
  
  8b30249bc9f56b53d74e7b2072fc3a6b071b292bf1b25e2787c6eae4972f63a4bc3645860b6a997858d97cc5f14080006f6ca3624cb15fa6ffebdf2a4496d55e
Score

1^/10
behavioral25 behavioral26
- Target
  
  bin/workspace/286090429.txt
- Size
  
  112B
- MD5
  
  7faaf0e7485f0884b77be329d2584a2c
- SHA1
  
  8a4b571093bee432e85c051729a0461cd8980680
- SHA256
  
  3028d081c772d7de60c7c2eccdf96dd0a7b11b54de9b3ae2006be4979683cd77
- SHA512
  
  38020a6d7f738967197ab6e7af9a59e2c3d00c968d360c23d92f656e3395514667c80703db21fa7a7971a55007737911900e0086db18759a97b0e038a17ab745
Score

1^/10
behavioral27 behavioral28
- Target
  
  librarys/discordrpc.dll
- Size
  
  289KB
- MD5
  
  a1c35901ad26a30c5b7836771b6badff
- SHA1
  
  94a57cd3452a53c209323a1ce738b9f0fb0d6087
- SHA256
  
  517240600b04d454cc5ab7b03e43c4af5a0b831fd2515f25c015a83652ad4cac
- SHA512
  
  0af73788858e85df874cc232f5d31765648ffbf53d7fdf388fc1b619f44b9ca172c3ac92c983cbeec5d22b6692cd7d3f20734c8e759fe9cf53ac2671d9c1d5e4
- SSDEEP
  
  6144:iiLsvWG766dSiKXs2Ol2JWzh0TWxwpeqN55I8pF+WVe2KN6nB/F:iiLmW8daXs2dWzx5M5I8P+WM2a6tF
Score

3^/10
behavioral29 behavioral30
- Target
  
  scripts/LT2.txt
- Size
  
  88KB
- MD5
  
  6cdc84cfb2b9163c778da140b6dfda79
- SHA1
  
  016656ecb5d170202262e7f1f179a75dfd867494
- SHA256
  
  79feea16648e2f11348ac28132c5ce1fbcbea34761fb354801e9fc33ca7e2024
- SHA512
  
  d350a4a6d92228f1331f0341ada635ae1bece858639c04fbb7d8b51c9f6b54351a4a67b27034f0c096cc12116c9b3580bab0f5389da1aad0f497c934f03630c1
- SSDEEP
  
  768:ZJcRl+91rxrLXLsQQrMmeiUujhRmCua6ILBZMlu5erQIop1feJ0rHBp:J9TIQyU6hRmbTI3ES
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Install Root Certificate

T1130

Credential Access

Discovery

System Information Discovery

T1082

Query Registry

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

T1102

Impact

Tasks

Sharing

General

Malware Config

Targets

Downloads MZ/PE file

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Legitimate hosting services abused for malware hosting/C2

Downloads MZ/PE file

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Legitimate hosting services abused for malware hosting/C2

Blocklisted process makes network request

VMProtect packed file

Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32