3e36732ff2a298a34acd083639cf0f8b1aef0e099965e6ff30706489bf1297d4

Sharing

Copy URL

Twitter E-mail

General

Target

MatDeckSetup.exe
Size

98.5MB
Sample

240627-tpt3sa1gpr
MD5

e9a6c7d3c8883ce2c9204373cde23ffb
SHA1

52b5dbb1b9af4b129c6214541b50fc97b041b428
SHA256

3e36732ff2a298a34acd083639cf0f8b1aef0e099965e6ff30706489bf1297d4
SHA512

eaa2c68a50cc20025486733e6f058f41c9143f35a4c95374c3afdc7a9ceae279a9187cd947aa3902201402321703650bc3345a1a45d125966057b9c338104d5a
SSDEEP

3145728:WTCrf4FYTWRRBx/ZoPTj1Vo34TpeRbnZIk:xf4YCBVZEj1VoyeJ

Score

7^/10

link pdf

Malware Config

Targets

- Target
  
  MatDeckSetup.exe
- Size
  
  98.5MB
- MD5
  
  e9a6c7d3c8883ce2c9204373cde23ffb
- SHA1
  
  52b5dbb1b9af4b129c6214541b50fc97b041b428
- SHA256
  
  3e36732ff2a298a34acd083639cf0f8b1aef0e099965e6ff30706489bf1297d4
- SHA512
  
  eaa2c68a50cc20025486733e6f058f41c9143f35a4c95374c3afdc7a9ceae279a9187cd947aa3902201402321703650bc3345a1a45d125966057b9c338104d5a
- SSDEEP
  
  3145728:WTCrf4FYTWRRBx/ZoPTj1Vo34TpeRbnZIk:xf4YCBVZEj1VoyeJ
Score

7^/10
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  SCADA.exe
- Size
  
  3KB
- MD5
  
  c2ed3e16499987aa8a7caf7c0351d334
- SHA1
  
  0803cb9297f8eaf33c00539ae1a7e63bb4a245ae
- SHA256
  
  e6acd5b36125333065fbdb9e139941b315a04146c647ec45cf23a10925c8a41e
- SHA512
  
  f48212f74703390b38886f932a9ebd1426bdd0c37fbc5751dded2becce5f01a1b961f0fe5cdb5cfcbd79489b2fc224e71f5a82688c41ef52ae7a744162bafa1b
Score

1^/10
behavioral3 behavioral4
- Target
  
  SoftwareUpdaterAdmin.exe
- Size
  
  337KB
- MD5
  
  c3e47f53090ab2d725615dd757c785ae
- SHA1
  
  525ae3e94c63f878e26b576fe4810179fa9476f9
- SHA256
  
  53b2cbfb47ec74a95ba7543856509c0a62d992596c564ddb308d2c2b9e118323
- SHA512
  
  5395ea2950915e7c25de9b9f6a5b47237896147613a4479e96e8c60746f23554b051c5358d2647ff165337f448baa436ad40c26da7ba73ba09c46a8557cd4be7
- SSDEEP
  
  6144:yeCZ7XId5OsU1bSd8rF11NzldFtjhDf6wMPnTBrhQFcC7Wd1OUWI:yvZzId5OsU1bSd25VwBTphQ1
Score

1^/10
behavioral5 behavioral6
- Target
  
  USBDEV_LIB.dll
- Size
  
  15KB
- MD5
  
  42ac46e93592355eaa1c588bba66b576
- SHA1
  
  10fde57c85dc905900c4966726c0371f3bf6cf71
- SHA256
  
  6745d27370c22f31d59a6099eed563c23b2669e82a74fed0d4c9cdae9006323c
- SHA512
  
  faecb8ef41c819ccd55cf6d25a987175ade46a128e65dde85ba698440efbbe902f6d49d925141f996975d2c7e4ccc1eb1e3f4703dbfd11470a29384e0e535e49
- SSDEEP
  
  384:CZdsVHYqvjgWLPiLYu39HxP3ENlBAcx/1EReK:CvsxJLgG6LhHxP0NlBAcx9EAK
Score

1^/10
behavioral7 behavioral8
- Target
  
  VMD.exe
- Size
  
  4KB
- MD5
  
  d843d84c4ae0588501982866c433e805
- SHA1
  
  baa96b4cf520d67857edf877b4d6547640c10e91
- SHA256
  
  ae93e366ba3a14eb18c4386bfdef01064dde35c36bbb4aa5a84f563d286c8e6f
- SHA512
  
  593898875458345bc127f89345c2bbf040dd40e0b02724f000203daff2aca029f412d098aad7d3bb4795eb84b589fa1a1c1b843b20ea54547e5e40b8e7f66c86
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral10 behavioral9
- Target
  
  VirtumentUserManual.pdf
- Size
  
  882KB
- MD5
  
  9e4b83e95584432e06c2382060062f0d
- SHA1
  
  ac8660b245ebb7e2643f199234c28c7d5d1e9237
- SHA256
  
  500fef4675e347f0b1b0ffa4fff7bf5b4202ac331f2d147c2793be6e8541ae97
- SHA512
  
  3aacd0ca8bad0c801ad6b28e2d90eb1daa3d963123d48bf4646f15ab629f0d2892637a7a4b78cddaff72b67968b96bc4e0c0a2a90552ef39e7592a95ec4483c8
- SSDEEP
  
  24576:W5AbinVzxeZMX1RMC8zKP6JuYqJX/xYMkJsBWI:ucuX/MNKiNWPxJYyWI
Score

1^/10
behavioral11 behavioral12
- Target
  
  XlsLib.dll
- Size
  
  56KB
- MD5
  
  3b77f37e9f392d6482f995b21dd0d916
- SHA1
  
  0a2a9aad5c1b0618e7c594de03a675fd34afb916
- SHA256
  
  09cf0fd2e5c0685c97083fe40804855105db21c5a6156585614469ff3be42c92
- SHA512
  
  5e8f2883deb78df439e7604898feb06e736883a9b57fe4fda047775e0ac66104aa1f30ebd4318fefdf81081cb3a56017ee8a4b04d25201988b74416f0653ed8d
- SSDEEP
  
  768:iv+/bR84mPeopQ19FCshRocMVHWzdIJSZ/SLFzalyQIA+GX7dY:xTRRNd19FCPRJ+uJSZqpzVA+ce
Score

3^/10
behavioral13 behavioral14
- Target
  
  biodaq.dll
- Size
  
  582KB
- MD5
  
  cb3b3d12fa337f41a375622186669aea
- SHA1
  
  fb8d849d6d072661096aa1643a8ea9e43b31e140
- SHA256
  
  ff7c9c867666909a79b8800afc166a72ac1f2751bb3f5a91e534279b79defb88
- SHA512
  
  1ff9ffaaecae06c7b33864de03bef97a697d5fc36416a22ce8901d59f9e31d7b27797f17dd6a89f4875e22117ad74ad92c9361da8977ca1577e7790aacf48fbd
- SSDEEP
  
  12288:1eStEyhfVX5F0wTdWaco1wq7XgqXR38n:1gEZ5F0wTdWu9B38n
Score

1^/10
behavioral15 behavioral16
- Target
  
  biodaqutil.dll
- Size
  
  707KB
- MD5
  
  c370e077ad1dd67e3de876ae12e391d3
- SHA1
  
  d96c89f3a1521e2cb404a6d1b26acd9570bdf47b
- SHA256
  
  4d04391b7c054a2164bd7fb9388f37e41108df60b0922acc7602590e86a10451
- SHA512
  
  1823c0e32e1ae88e19bbb717f2f815197e772fc1e242f7ba23098feb5c15a48801f672433b42df20034adfc9cf92b2b07bde4ca9757b70ac3381bfdc5e2e9484
- SSDEEP
  
  12288:6LRNnKqk3Am+z/AfYVa/6CIac/C9Yf3kenrTU34lpW6Lfud2Q:M3kQm+rAfY06CI5gYf3kYrTtlpXfu
Score

1^/10
behavioral17 behavioral18
- Target
  
  ftd2xx.dll
- Size
  
  632KB
- MD5
  
  befbc1a8f6c2b8e143ddd97ccb6561b5
- SHA1
  
  44b085c25026dabe6280c539f43dd0755fb28499
- SHA256
  
  774af8b12c85d03562742acdf222af5e0432167bf107ba4b260757e4a5e36866
- SHA512
  
  a41b29e0493ad8ed57f55b8aa557aed460794894a5a53b057eeef017a81f071a09dd298fb63eb0277344a9b69d790699131642106124320fb80ba87d1ad60dd4
- SSDEEP
  
  12288:k2Ruad22Cu6+wfhZLF5lfDOHc/aFMmymLRt+i2:332xNfhZLF5lfDOHvMTmLRt2
Score

1^/10
behavioral19 behavioral20
- Target
  
  imageformats/qgif.dll
- Size
  
  77KB
- MD5
  
  35f756f6471b1bbd66f0ab0330545720
- SHA1
  
  4213dc5bdea41ae92694d346b2ddad13544de909
- SHA256
  
  f1d29cf3cc824909b6ff9f3d1ef7fb60ecf45da10dd7b5461fa61a72220ba02d
- SHA512
  
  9305e18e3bcceff43b07180d603d5012f6bc8eb9224dd33ccc4953a9e589406419b3c79d0b37ad8977b7aa517dd818a9e1c50a9b62db6a3cf2800daf50df3092
- SSDEEP
  
  1536:MJ6Ad3hhnEof+s2E7IaWIXhJnKfvmaIMFqq9AcfiUfDv0U:MJ6Ad3hhnEoWm7IaWIX+mHMFqq9Acfig
Score

1^/10
behavioral21 behavioral22
- Target
  
  imageformats/qjpeg.dll
- Size
  
  475KB
- MD5
  
  59f42d88daf432044961a2b9284cb3a4
- SHA1
  
  63a6b1d7202bdd6fde4f90327330277a459372d5
- SHA256
  
  509cf637dc2950bc1c2f19cddad1ceec7cdb035a5e7c9cb128c2f621784505a0
- SHA512
  
  b2de08295b522b4ed95dd8743b4e1ceba120b45402882d79a72e60219308efd27ab6cd234d455137415b08d71cd2a36dbbaa5161cce63059b39b5e9a82c7d731
- SSDEEP
  
  6144:CNnLzZc+4dHRABmfnvJru/rmIjwP3dLg42zsWsyRH9OirkePfWiZBgR:CNnL9zOnDzW4Cdra
Score

1^/10
behavioral23 behavioral24
- Target
  
  imageformats/qsvg.dll
- Size
  
  73KB
- MD5
  
  ad15513642fc146f7e5a1146ef566ba3
- SHA1
  
  7af689e6dcf4fc8722446e57e7ac2ce59bbf584e
- SHA256
  
  3ba4d2c57bce563855b1b81c55c874b1f0f69e9bfb6886196ff582b6b01ba733
- SHA512
  
  0f8b00da529feff5be78e2cc0927f750c5b33fda7de521122e0ef33a452f07fbf25cc95978920f78b4181b0f80b0af1e50893aa8a548644e669a3cd9f170e081
- SSDEEP
  
  1536:ms4tJjIW4u8TxXj2GDD2FE+Mf54uUcd0hd:V8jIW4NRj7DCFE+Mf54uUZhd
Score

1^/10
behavioral25 behavioral26
- Target
  
  lessons/Lesson 1 - MatDeck document.pdf
- Size
  
  93KB
- MD5
  
  4ec2d06d74d22936bff23bf464830109
- SHA1
  
  06d176a6a604bcb7187ac578beea4023737b37bd
- SHA256
  
  e147fc95c35b42557b9982cf6a9bc339352031d7ece27f5b72317984c9bdc16c
- SHA512
  
  e8bd3c10d874a7c4f753eba20329051e76ac9517663bc0191123f3e6e568a948ee9e20d9af1c6e54921c7c68033914e485308cc49ba48da961f984754cfe0cf9
- SSDEEP
  
  1536:WiTFSrNNTTTTZTO7w/X+DBsu9PLLLpWaxj+bq9eBjN/jtLCYTZRlLiPs9HQgemmF:TAByi+lsu9PLLLzKj1jtuMZR1Jigem3+
Score

1^/10
behavioral27 behavioral28
- Target
  
  lessons/Lesson 9 - 3D graph.pdf
- Size
  
  175KB
- MD5
  
  69b5f43756435fbdf6b43befee332444
- SHA1
  
  efc3ac6191de53b8ee6f610704f1b94fc917c306
- SHA256
  
  b557018669d0b2d685d202410dbb73ddfdc5948799a4a17005871296d4dac067
- SHA512
  
  38fe5808859c32d772332a09dd3b209e479b63c6004ad6113bda94394bf141c734bf7e36751cdc55d34608a8f2c1d8679185a693b8f83ad723879ea885202ed3
- SSDEEP
  
  3072:sxm9GX6LmA/0IEF1TJqkasELieS3GkeEKP6YbnHutZqAsCYmI8R:0oc8i1T3fVGJEKCQOtR
Score

1^/10
behavioral29 behavioral30
- Target
  
  libMPSSE.dll
- Size
  
  38KB
- MD5
  
  965d76b985ad56885a24be635d9a6241
- SHA1
  
  34ab7147f9abf9fb34c302c2507860382c5635e6
- SHA256
  
  3f36a242d39f27ec9fe2bba6505f58f6a6bc807a852b9c4b9a15c700de71e327
- SHA512
  
  e46203e741e218ac768d26d375913c4c5643faae92d78f7036cac42e25771fe7aec9555496d915ae56bd53636885eddf993ee51511b0de1e34ec046d1258bec9
- SSDEEP
  
  768:hS2aM3O2gFiILJDYYA6qnvfbBiNlHVUb1yu7EXGlGm:hS2aE8GFZyu
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Loads dropped DLL

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32