Overview

overview

8

Static

static

7

MatSploit.rar

windows7-x64

3

MatSploit.rar

windows10-2004-x64

3

BootsTrapperU.exe

windows7-x64

3

BootsTrapperU.exe

windows10-2004-x64

8

DiscordRPC.dll

windows7-x64

1

DiscordRPC.dll

windows10-2004-x64

1

ICSharpCod...it.dll

windows7-x64

1

ICSharpCod...it.dll

windows10-2004-x64

1

ICSharpCod...it.xml

windows7-x64

1

ICSharpCod...it.xml

windows10-2004-x64

1

MatSploit.exe

windows7-x64

6

MatSploit.exe

windows10-2004-x64

8

bin/Bootst...on.txt

windows7-x64

1

bin/Bootst...on.txt

windows10-2004-x64

1

bin/MatSploit.dll

windows7-x64

8

bin/MatSploit.dll

windows10-2004-x64

8

bin/UIVersion.txt

windows7-x64

1

bin/UIVersion.txt

windows10-2004-x64

1

bin/Zeus.exe

windows7-x64

1

bin/Zeus.exe

windows10-2004-x64

1

bin/lua.xml

windows7-x64

1

bin/lua.xml

windows10-2004-x64

1

bin/rbxfps...er.exe

windows7-x64

1

bin/rbxfps...er.exe

windows10-2004-x64

3

bin/version.txt

windows7-x64

1

bin/version.txt

windows10-2004-x64

1

bin/worksp...29.txt

windows7-x64

1

bin/worksp...29.txt

windows10-2004-x64

1

librarys/d...pc.dll

windows7-x64

3

librarys/d...pc.dll

windows10-2004-x64

3

scripts/LT2.js

windows7-x64

1

scripts/LT2.js

windows10-2004-x64

1

Analysis

  • max time kernel
    29s
  • max time network
    34s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    23-03-2023 16:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bin/BootstrapperVersion.txt

  • Size

    6B

  • MD5

    a19f30071f8ac5c3999b7328ad578380

  • SHA1

    3a9076f4bf68ae9702aba10239ab9b6840c203de

  • SHA256

    c8d40e3fc93e328816f7a6ec5faf2cc18d6f89dccec4ee591280466223446540

  • SHA512

    a4e3b0a8eb943f258224fc40d03fb6980258c1b21b2042c0d82dfa3f70c787a50943c2c11271c7ad638c9940aa60bdd1934edc94c9f3d572da71baf49701a082

Score
1/10

Malware Config

Signatures

  • Opens file in notepad (likely ransom note) 1 IoCs
    ransomware

Processes

  • C:\Windows\system32\NOTEPAD.EXE
    C:\Windows\system32\NOTEPAD.EXE C:\Users\Admin\AppData\Local\Temp\bin\BootstrapperVersion.txt
    1⤵
    • Opens file in notepad (likely ransom note)
    PID:1588

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads