General

  • Target

    matcha-9dbf9780562444e1-upd2 (1).rar

  • Size

    19.8MB

  • Sample

    241029-xzhz2sycjb

  • MD5

    aa078c80d48de8b4a9651e4527afc011

  • SHA1

    964d33b6964f89d6f13dba8678f50e86f4aadf56

  • SHA256

    2afe60e31599db4d0857fcac3e48ddca6357dedd3b93cc5fc56e72a4b987bbc8

  • SHA512

    1dbca189c3b59e572aaf9791bb5cd7f8f231e4d236117e4d747243733bf521760b52ef08c7553e7934d0a5878de7e7eb53168e8aa3bd83336eb38f47d9be472a

  • SSDEEP

    393216:2PCSlDkykih2dtIQX6vOE3vva3K6dU5v8kJKfPCSlDkykih2dtIQXS:QN+ik/Io69X5v8kAXN+ik/IH

Targets

    • Target

      matcha-9dbf9780562444e1-upd2 (1).rar

    • Size

      19.8MB

    • MD5

      aa078c80d48de8b4a9651e4527afc011

    • SHA1

      964d33b6964f89d6f13dba8678f50e86f4aadf56

    • SHA256

      2afe60e31599db4d0857fcac3e48ddca6357dedd3b93cc5fc56e72a4b987bbc8

    • SHA512

      1dbca189c3b59e572aaf9791bb5cd7f8f231e4d236117e4d747243733bf521760b52ef08c7553e7934d0a5878de7e7eb53168e8aa3bd83336eb38f47d9be472a

    • SSDEEP

      393216:2PCSlDkykih2dtIQX6vOE3vva3K6dU5v8kJKfPCSlDkykih2dtIQXS:QN+ik/Io69X5v8kAXN+ik/IH

    Score
    7/10
    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      README.txt

    • Size

      430B

    • MD5

      a521ef1bd549901fe5687f4ef76e7192

    • SHA1

      c1bdc35b52fdfaa4def5823337d180781270dfb1

    • SHA256

      e2f674f66b58f3a5ff78d8da6fbb64c70625f81fd82ff1015803e5dfd0bee6a0

    • SHA512

      d6c93c13bd26fd8515170e147dcf2350f542b1494f24c5f4e5c1848f608f0af7299b718f93a8307585a57818f6453427ceea228e7167d1904221488a6e3da349

    Score
    1/10
    • Target

      imgui.ini

    • Size

      637B

    • MD5

      a9370b37821660086512ad1fe87c5ee2

    • SHA1

      1781651d8e4c45070fbd9dc6af807a8e73e96d20

    • SHA256

      b07f895343ab0d9e2c15bd4d221103306b2b9a524066ee214fd299ef002902d8

    • SHA512

      766e91b16f980188afac7e8a2e787bbf669c1e0034002c347044911d430b299a00435b29250ba80267d7073ac57021ea63bc1aad4bb6b7bade087dcf9739a7fb

    Score
    1/10
    • Target

      loader.exe

    • Size

      7.6MB

    • MD5

      0734f6bedc4b869ee82b9d4cccff40b5

    • SHA1

      f85fad7213954af4c1e97fd8ec295edf76882095

    • SHA256

      f126a99a61fbb3ea941e81fce01cd2a2d64080b33789553f94c2c6043f3b470d

    • SHA512

      897794b690ab100abd0116d167e02d70089890b6b3f9091cccdec82e3bb0b1b3a5f7cc3a0ccbf6aff7f86322e09313277f3233e5879350840b0331fa55fc2ba4

    • SSDEEP

      196608:IpHYLwfI9jUCzi4H1qSiXLGVi7DMgpZ3Q0VMwICEc/jC:0IHziK1piXLGVE4Ue0VJu

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Enumerates processes with tasklist

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      ���l��.pyc

    • Size

      1KB

    • MD5

      4084162b0849d988147d74695e684fd0

    • SHA1

      0faafed035f4b7d72aaf75ef4c8d507f32de8f83

    • SHA256

      568ccf22da46d9e5486e88ad9e758727fa514f43dfd5c9179c440dcb941e234c

    • SHA512

      17ec8c8a24d5814c22ff73b41b38547d09b93beb16519572eee4fe8c0221809fd629ef52c767a63b4854fd270fd2b3650c27e91b8a96731df5c7579d9c5f44b0

    Score
    1/10
    • Target

      mapper/map.exe

    • Size

      5.2MB

    • MD5

      91b2e38c78a29587e4bc141c3f048f0e

    • SHA1

      720a32e02fb3e9529c193c4cc1874a74c7548146

    • SHA256

      02ac7fcef95d3d8ba108c85311412739ec680dcc84e0e6baee6a77aa2271ecff

    • SHA512

      f5b256a0544df654e793634a847892fe00ee412bef33bc4011e7f9d6d215ccbaf0d39270dcd832e403e95ddf109d1f643bff68e359c545837c6c17e1d9f248f8

    • SSDEEP

      98304:MjqhOJCjRLRWUEjzqRxOdlWb0T8hEjE+R7WFxjQFQ/WbzZC+x2wAP:MesJCjR13EavA8+8+j1RSxjQsWXZul

    Score
    1/10
    • Target

      mapper/matcha-driver.sys

    • Size

      9KB

    • MD5

      21e0a2d7d9ab804eeb1d7c71b532a681

    • SHA1

      2c09d54d71dfbee2eb537844078d74361e1e1dcc

    • SHA256

      5d8f2239e861694d3f10884260160259393d56810e8cc3e6cabae4c0d077c905

    • SHA512

      bfd6b8f3641750bcce137111b895ad9df33d712cb7f0465d99156accdff6298715a9da5da4003e2ad2bad7867013e9be096c21733946c686b2788a679059bc08

    • SSDEEP

      96:xnICc5aHL+i40EzLGenSP+VSHWj7TEGMlOD+1WNBbEpDDIy:JXL+iyzLXSGVYcHg1Wvbon

    Score
    1/10
    • Target

      matcha.exe

    • Size

      7.6MB

    • MD5

      0734f6bedc4b869ee82b9d4cccff40b5

    • SHA1

      f85fad7213954af4c1e97fd8ec295edf76882095

    • SHA256

      f126a99a61fbb3ea941e81fce01cd2a2d64080b33789553f94c2c6043f3b470d

    • SHA512

      897794b690ab100abd0116d167e02d70089890b6b3f9091cccdec82e3bb0b1b3a5f7cc3a0ccbf6aff7f86322e09313277f3233e5879350840b0331fa55fc2ba4

    • SSDEEP

      196608:IpHYLwfI9jUCzi4H1qSiXLGVi7DMgpZ3Q0VMwICEc/jC:0IHziK1piXLGVE4Ue0VJu

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Enumerates processes with tasklist

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      ���l��.pyc

    • Size

      1KB

    • MD5

      4084162b0849d988147d74695e684fd0

    • SHA1

      0faafed035f4b7d72aaf75ef4c8d507f32de8f83

    • SHA256

      568ccf22da46d9e5486e88ad9e758727fa514f43dfd5c9179c440dcb941e234c

    • SHA512

      17ec8c8a24d5814c22ff73b41b38547d09b93beb16519572eee4fe8c0221809fd629ef52c767a63b4854fd270fd2b3650c27e91b8a96731df5c7579d9c5f44b0

    Score
    1/10
