Overview
overview: score 8
Static
static: score 7
MatSploit.rar (windows7-x64): score 3
MatSploit.rar (windows10-2004-x64): score 3
BootsTrapperU.exe (windows7-x64): score 3
BootsTrapperU.exe (windows10-2004-x64): score 8
DiscordRPC.dll (windows7-x64): score 1
DiscordRPC.dll (windows10-2004-x64): score 1
ICSharpCod...it.dll (windows7-x64): score 1
ICSharpCod...it.dll (windows10-2004-x64): score 1
ICSharpCod...it.xml (windows7-x64): score 1
ICSharpCod...it.xml (windows10-2004-x64): score 1
MatSploit.exe (windows7-x64): score 6
MatSploit.exe (windows10-2004-x64): score 8
bin/Bootst...on.txt (windows7-x64): score 1
bin/Bootst...on.txt (windows10-2004-x64): score 1
bin/MatSploit.dll (windows7-x64): score 8
bin/MatSploit.dll (windows10-2004-x64): score 8
bin/UIVersion.txt (windows7-x64): score 1
bin/UIVersion.txt (windows10-2004-x64): score 1
bin/Zeus.exe (windows7-x64): score 1
bin/Zeus.exe (windows10-2004-x64): score 1
bin/lua.xml (windows7-x64): score 1
bin/lua.xml (windows10-2004-x64): score 1
bin/rbxfps...er.exe (windows7-x64): score 1
bin/rbxfps...er.exe (windows10-2004-x64): score 3
bin/version.txt (windows7-x64): score 1
bin/version.txt (windows10-2004-x64): score 1
bin/worksp...29.txt (windows7-x64): score 1
bin/worksp...29.txt (windows10-2004-x64): score 1
librarys/d...pc.dll (windows7-x64): score 3
librarys/d...pc.dll (windows10-2004-x64): score 3
scripts/LT2.js (windows7-x64): score 1
scripts/LT2.js (windows10-2004-x64): score 1
General
-
Target
MatSploit.rar
-
Size
8.8MB
-
Sample
230323-t7hgpsgh74
-
MD5
6d9593c0b6e8cf81b323bb5453736f17
-
SHA1
74b23a9cf26009b311e1f1b853f9284c5c426f27
-
SHA256
4f59429fb16674587e462f66c5732b51d211df9bcce758eec5b31046f05a2d60
-
SHA512
adb0c2bc93c32208b52aec01cd6be5af810389410caf1d81b12a31a699483178f1ddc9f30d37ddc3d93680a872c6e768e556cee8ebb0d706b1504ca310e77f66
-
SSDEEP
196608:/vecjlVi2vDWmm1PTlbEfT7Pe4Nc7EdPjifLZqEM4PoMxSh0Ih5Y:Hl7WZ1PpCTre4a7EdPWd3QgSDY
Behavioral task
behavioral1
Sample
MatSploit.rar
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
MatSploit.rar
Resource
win10v2004-20230221-en
Behavioral task
behavioral3
Sample
BootsTrapperU.exe
Resource
win7-20230220-en
Behavioral task
behavioral4
Sample
BootsTrapperU.exe
Resource
win10v2004-20230220-en
Behavioral task
behavioral5
Sample
DiscordRPC.dll
Resource
win7-20230220-en
Behavioral task
behavioral6
Sample
DiscordRPC.dll
Resource
win10v2004-20230220-en
Behavioral task
behavioral7
Sample
ICSharpCode.AvalonEdit.dll
Resource
win7-20230220-en
Behavioral task
behavioral8
Sample
ICSharpCode.AvalonEdit.dll
Resource
win10v2004-20230221-en
Behavioral task
behavioral9
Sample
ICSharpCode.AvalonEdit.xml
Resource
win7-20230220-en
Behavioral task
behavioral10
Sample
ICSharpCode.AvalonEdit.xml
Resource
win10v2004-20230220-en
Behavioral task
behavioral11
Sample
MatSploit.exe
Resource
win7-20230220-en
Behavioral task
behavioral12
Sample
MatSploit.exe
Resource
win10v2004-20230220-en
Behavioral task
behavioral13
Sample
bin/BootstrapperVersion.txt
Resource
win7-20230220-en
Behavioral task
behavioral14
Sample
bin/BootstrapperVersion.txt
Resource
win10v2004-20230221-en
Behavioral task
behavioral15
Sample
bin/MatSploit.dll
Resource
win7-20230220-en
Behavioral task
behavioral16
Sample
bin/MatSploit.dll
Resource
win10v2004-20230220-en
Behavioral task
behavioral17
Sample
bin/UIVersion.txt
Resource
win7-20230220-en
Behavioral task
behavioral18
Sample
bin/UIVersion.txt
Resource
win10v2004-20230220-en
Behavioral task
behavioral19
Sample
bin/Zeus.exe
Resource
win7-20230220-en
Behavioral task
behavioral20
Sample
bin/Zeus.exe
Resource
win10v2004-20230220-en
Behavioral task
behavioral21
Sample
bin/lua.xml
Resource
win7-20230220-en
Behavioral task
behavioral22
Sample
bin/lua.xml
Resource
win10v2004-20230220-en
Behavioral task
behavioral23
Sample
bin/rbxfpsunlocker.exe
Resource
win7-20230220-en
Behavioral task
behavioral24
Sample
bin/rbxfpsunlocker.exe
Resource
win10v2004-20230221-en
Behavioral task
behavioral25
Sample
bin/version.txt
Resource
win7-20230220-en
Behavioral task
behavioral26
Sample
bin/version.txt
Resource
win10v2004-20230220-en
Behavioral task
behavioral27
Sample
bin/workspace/286090429.txt
Resource
win7-20230220-en
Behavioral task
behavioral28
Sample
bin/workspace/286090429.txt
Resource
win10v2004-20230220-en
Behavioral task
behavioral29
Sample
librarys/discordrpc.dll
Resource
win7-20230220-en
Behavioral task
behavioral30
Sample
librarys/discordrpc.dll
Resource
win10v2004-20230220-en
Behavioral task
behavioral31
Sample
scripts/LT2.js
Resource
win7-20230220-en
Behavioral task
behavioral32
Sample
scripts/LT2.js
Resource
win10v2004-20230220-en
Malware Config
Targets
-
-
Target
MatSploit.rar
-
Size
8.8MB
-
MD5
6d9593c0b6e8cf81b323bb5453736f17
-
SHA1
74b23a9cf26009b311e1f1b853f9284c5c426f27
-
SHA256
4f59429fb16674587e462f66c5732b51d211df9bcce758eec5b31046f05a2d60
-
SHA512
adb0c2bc93c32208b52aec01cd6be5af810389410caf1d81b12a31a699483178f1ddc9f30d37ddc3d93680a872c6e768e556cee8ebb0d706b1504ca310e77f66
-
SSDEEP
196608:/vecjlVi2vDWmm1PTlbEfT7Pe4Nc7EdPjifLZqEM4PoMxSh0Ih5Y:Hl7WZ1PpCTre4a7EdPWd3QgSDY
Score 3/10
-
-
Target
BootsTrapperU.exe
-
Size
165KB
-
MD5
8b57e3af9a6b863fbe0746db752eba75
-
SHA1
bca3c16f360dc795cb31882c04c9ff0ec4d20511
-
SHA256
ee6e94dcb0f4bb34d487919faee67b4c178daee696d5bc84b229a24c8cad1c6f
-
SHA512
1799155f917d2a47691745c71b9e5dcb5b21e05fd5a7ae3105a6375bf2a5b5fdf944fc773177f670ea051bf0098a5c9685e14dba67c676fb0a5cdb51f46e4add
-
SSDEEP
3072:wxhMfvkWEpAJvlOT/NAWCNsxi8fdMznFHTfgCkPbQN982cUJWVgVK5o6V9207o0+:wxCfvkWEe9hWc8fdMFHrsPbbo742wb3B
Score 8/10
Downloads MZ/PE file
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing (running only in, or avoiding, selected regions).
-
Executes dropped EXE
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-
-
-
Target
DiscordRPC.dll
-
Size
83KB
-
MD5
813014542935ce0b3286ca76fc98d2fa
-
SHA1
95d54fc8efffdad935fe336bc67e12548cd9ed0f
-
SHA256
2d0e1b4688a113309fe39a7453d2ceecb1a37197562ae6deb0fda2aff33295b2
-
SHA512
c62e4af133e389926e70960d038baa9c56bcc12a46251f5c35fdcb54e6c31272da4c1326982c3792aef431dbebd450b4e804a997ab1645cc7c1b179679184eb7
-
SSDEEP
1536:s2qVp5gEdkfdBPQsC9eVCyo9ZDH09EOUwSi++mfxsSFEjg:sdVp5DUVCHDg/dSt+mxE8
Score 1/10
-
-
Target
ICSharpCode.AvalonEdit.dll
-
Size
604KB
-
MD5
85525afb01eafb7cd53e171344de4653
-
SHA1
65e4609b6e1d9d0de5568049687edd84fda6d2d3
-
SHA256
b5180b33e6bb8f215d69d91a6fab46e2e633b222095bcfcafba2530beb181eab
-
SHA512
3b30b7b4b32ab72ac0903e2053613bf0cd33c8f54879ca012dee12b319aa598e84329e59fc0edb19ad2b4ba6b6d25c12c88cbb78f655e3e6d6396ce909b10799
-
SSDEEP
6144:vYFY292KUWr402FLGPbZbhhJNE0YXOfM+kVsjXs+3lR0jqItEkjoM:Qm70Q271E0YXHClfK
Score 1/10
-
-
Target
ICSharpCode.AvalonEdit.xml
-
Size
582KB
-
MD5
5bd494ea6ab9ed3a0dd5f4736a6c1f8d
-
SHA1
9ffb4fa061171eeba0714cad028c4655aa2d241c
-
SHA256
a8de4e43ec6747781a7e01a7e5d51c92cffff32879e6bc3795c75c9ac90fd9cf
-
SHA512
60eb5a1a8b253e680bfe4340c2ef4810ef3089124959804436a1a910a8750208972623923e7613a03a41db0d08a93c568c7b424a5406bb5ea40453f2c617a71c
-
SSDEEP
6144:sFilxsTCj3BkjMG8AitANoPNzLINIFlhgTS9ycdxyhxYYbqEt:9g2Yc4
Score 1/10
-
-
Target
MatSploit.exe
-
Size
1.6MB
-
MD5
28bb98b32516829a00facf1232514479
-
SHA1
2c3fe53d4ddaa31bb09d3136ea8102697a0ebcf9
-
SHA256
6de25bc2a38be29578d61366fd5a789a58896dbe1c467f305f31e289d120e4a5
-
SHA512
8c121038c006039b057fe424d586647e732ee18f33526d7cee32b955666c0930ce6023cf45cfa2511a765f6c8a1fe0a6f5618bc9d88ae094ed86790edcd8a0ac
-
SSDEEP
49152:ySIgFm/3uuUX4ykWAfi313LfCzCcwSGO:HIgFmHUGaF3jecSGO
Score 8/10
Downloads MZ/PE file
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing (running only in, or avoiding, selected regions).
-
Executes dropped EXE
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-
-
-
Target
bin/BootstrapperVersion.txt
-
Size
6B
-
MD5
a19f30071f8ac5c3999b7328ad578380
-
SHA1
3a9076f4bf68ae9702aba10239ab9b6840c203de
-
SHA256
c8d40e3fc93e328816f7a6ec5faf2cc18d6f89dccec4ee591280466223446540
-
SHA512
a4e3b0a8eb943f258224fc40d03fb6980258c1b21b2042c0d82dfa3f70c787a50943c2c11271c7ad638c9940aa60bdd1934edc94c9f3d572da71baf49701a082
Score 1/10
-
-
Target
bin/MatSploit.dll
-
Size
6.9MB
-
MD5
569a4787d78d9265ce8e554866782dff
-
SHA1
2977bdf2ab1aaf1ca7d4fce317688704e4128d43
-
SHA256
8507d520156b39254eeef619c8319cf2bef874ed2ea0cd2f58ddbc9202183d25
-
SHA512
1fe9664798bcdc1d74392ab1fa86db25932cbac20c5e24f0c3291911c2569e88373222f9e7925c148ed234957aade020687a501f58189ab7a3d16eb77e7f1aed
-
SSDEEP
196608:Fv+Lg8T+IrHUnc62aksjpMpAgpmO4EfaYbT:Fv5E0lksNMuamU
Score 8/10
Blocklisted process makes network request
-
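Suspicious use of NtSetInformationThreadHideFromDebugger
Calls NtSetInformationThread with the ThreadHideFromDebugger class, which stops debug events for that thread from reaching an attached debugger. This is an anti-analysis technique, but commercial protectors use it too, so treat it as a reason for closer inspection rather than proof of malice, and expect dynamic results for this file to be incomplete.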
-
-
-
Target
bin/UIVersion.txt
-
Size
6B
-
MD5
ee2c4000487d47a50cf869219ac0d500
-
SHA1
69865aaf96159e1ded6beb846b91368963980385
-
SHA256
7643ff9e4dd6661e7473e1d484574bcf8e8d47ffbd6893a0fc2d9145a5bfe4ff
-
SHA512
8b30249bc9f56b53d74e7b2072fc3a6b071b292bf1b25e2787c6eae4972f63a4bc3645860b6a997858d97cc5f14080006f6ca3624cb15fa6ffebdf2a4496d55e
Score 1/10
-
-
Target
bin/Zeus.exe
-
Size
8KB
-
MD5
d0c214ef8c16e66af2fccb2c82e3e1ce
-
SHA1
108c5c4f068f00105f9d15f1fb6395e9f8055392
-
SHA256
a6a52b01fdd172b2ed566b180a4cdd29ecd63961effca95f879a37969888551b
-
SHA512
11fcb87de42729dfc16b89699b0c4c81f2dbe63be902ac30d07c9dc3e6cea612cda80a8fede3582ad98535e53f684651674351b79d6bb0e4d09bcd6f89751962
-
SSDEEP
96:PbxXemmFrmDP0WUaEuir0nY9EpvAxr5LF3PFFqhz45Mn0jFzNt:PQSDP0WtEupY90AxrHChz45Mn4/
Score 1/10
-
-
Target
bin/lua.xshd
-
Size
3KB
-
MD5
06c3876d77733fb64b8ec472afc77133
-
SHA1
10404820f6f7b1b3eba8be8ed11ce3873cdc1199
-
SHA256
4fe8128712ef9160e233ce05034046e90fba572a75f253853d8c21c8b1207a9c
-
SHA512
f7f76edd231772118152d3d6a3c2b0668adac4055057d5989cc17da9b15f76695a86debfe327ca149819b5478e89cb9f0ce51fd70753e5e4cd2eb4cc0e42a691
Score 1/10
-
-
Target
bin/rbxfpsunlocker.exe
-
Size
485KB
-
MD5
0ad95de215bdee42c18c5833a5fc3dc6
-
SHA1
a22eb68776958b42b5fa147f15141b0f06f1557f
-
SHA256
fc3f95654a181920f05056063bce148fdad38c4b2cd28fa3870bd4e071c564d8
-
SHA512
fb5b22e8ac306a9d91bc90697a0ef38a9d89be807053e8687ad60262df57e2a2192a1edafd4d611431976026f6e46785973036ecbc91ecd42098f92a4eeff1f8
-
SSDEEP
6144:YIWaU6EMyPwt1pcLjY0AJyGsrKdR6xmdohketP6ShV:YIWaUMyPu1pwjmIrKdIWoKetzV
Score 3/10
-
-
Target
bin/version.txt
-
Size
6B
-
MD5
ee2c4000487d47a50cf869219ac0d500
-
SHA1
69865aaf96159e1ded6beb846b91368963980385
-
SHA256
7643ff9e4dd6661e7473e1d484574bcf8e8d47ffbd6893a0fc2d9145a5bfe4ff
-
SHA512
8b30249bc9f56b53d74e7b2072fc3a6b071b292bf1b25e2787c6eae4972f63a4bc3645860b6a997858d97cc5f14080006f6ca3624cb15fa6ffebdf2a4496d55e
Score 1/10
-
-
Target
bin/workspace/286090429.txt
-
Size
112B
-
MD5
7faaf0e7485f0884b77be329d2584a2c
-
SHA1
8a4b571093bee432e85c051729a0461cd8980680
-
SHA256
3028d081c772d7de60c7c2eccdf96dd0a7b11b54de9b3ae2006be4979683cd77
-
SHA512
38020a6d7f738967197ab6e7af9a59e2c3d00c968d360c23d92f656e3395514667c80703db21fa7a7971a55007737911900e0086db18759a97b0e038a17ab745
Score 1/10
-
-
Target
librarys/discordrpc.dll
-
Size
289KB
-
MD5
a1c35901ad26a30c5b7836771b6badff
-
SHA1
94a57cd3452a53c209323a1ce738b9f0fb0d6087
-
SHA256
517240600b04d454cc5ab7b03e43c4af5a0b831fd2515f25c015a83652ad4cac
-
SHA512
0af73788858e85df874cc232f5d31765648ffbf53d7fdf388fc1b619f44b9ca172c3ac92c983cbeec5d22b6692cd7d3f20734c8e759fe9cf53ac2671d9c1d5e4
-
SSDEEP
6144:iiLsvWG766dSiKXs2Ol2JWzh0TWxwpeqN55I8pF+WVe2KN6nB/F:iiLmW8daXs2dWzx5M5I8P+WM2a6tF
Score 3/10
-
-
Target
scripts/LT2.txt
-
Size
88KB
-
MD5
6cdc84cfb2b9163c778da140b6dfda79
-
SHA1
016656ecb5d170202262e7f1f179a75dfd867494
-
SHA256
79feea16648e2f11348ac28132c5ce1fbcbea34761fb354801e9fc33ca7e2024
-
SHA512
d350a4a6d92228f1331f0341ada635ae1bece858639c04fbb7d8b51c9f6b54351a4a67b27034f0c096cc12116c9b3580bab0f5389da1aad0f497c934f03630c1
-
SSDEEP
768:ZJcRl+91rxrLXLsQQrMmeiUujhRmCua6ILBZMlu5erQIop1feJ0rHBp:J9TIQyU6hRmbTI3ES
Score 1/10