Overview

overview

10

Static

static

3

MatrisSetu....0.exe

windows7-x64

10

MatrisSetu....0.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    MatrisSetup 2.5.0.0.exe

  • Size

    654.3MB

  • Sample

    230531-nddzjaee49

  • MD5

    917155e396b925d4d0d969d610c9c678

  • SHA1

    a04ccb87946bacb13e6dea7db0531ba06ca226c6

  • SHA256

    3a9c69009b81f3828ff4df44894b35b857cf8f50692b3da3bc269ab74cc74efa

  • SHA512

    b8b8a2ea42e1a0d08d9d705b22c226df9d92e2517149b93a730fba8af9da598c01ff3adddf2ccfd23586ee07fa9bd99a4792a87cd5b9c7e73fa0b38cda208d3e

  • SSDEEP

    12582912:g5r71/CNXYiFVhXIz6ND0rOvovsIhxr1Vt4/ltrvSjxlI5eR5A+KiiaGccamBx:gb6NoyVhYzcwrOvoUYytt8lNRh7nQx

Score
10/10
plugxredlinediscoveryinfostealerpersistencetrojan

Malware Config

Targets

    • Target

      MatrisSetup 2.5.0.0.exe

    • Size

      654.3MB

    • MD5

      917155e396b925d4d0d969d610c9c678

    • SHA1

      a04ccb87946bacb13e6dea7db0531ba06ca226c6

    • SHA256

      3a9c69009b81f3828ff4df44894b35b857cf8f50692b3da3bc269ab74cc74efa

    • SHA512

      b8b8a2ea42e1a0d08d9d705b22c226df9d92e2517149b93a730fba8af9da598c01ff3adddf2ccfd23586ee07fa9bd99a4792a87cd5b9c7e73fa0b38cda208d3e

    • SSDEEP

      12582912:g5r71/CNXYiFVhXIz6ND0rOvovsIhxr1Vt4/ltrvSjxlI5eR5A+KiiaGccamBx:gb6NoyVhYzcwrOvoUYytt8lNRh7nQx

    Score
    10/10
    plugxredlinediscoveryinfostealerpersistencetrojan

    • Detects PlugX payload

    • PlugX

      PlugX is a RAT (Remote Access Trojan) that has been around since 2008.

      trojanplugx

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks