General
Target: matcha-9dbf9780562444e1-upd2.rar
Size: 19.8MB
Sample: 241109-q7l84swamd
MD5: aa078c80d48de8b4a9651e4527afc011
SHA1: 964d33b6964f89d6f13dba8678f50e86f4aadf56
SHA256: 2afe60e31599db4d0857fcac3e48ddca6357dedd3b93cc5fc56e72a4b987bbc8
SHA512: 1dbca189c3b59e572aaf9791bb5cd7f8f231e4d236117e4d747243733bf521760b52ef08c7553e7934d0a5878de7e7eb53168e8aa3bd83336eb38f47d9be472a
SSDEEP: 393216:2PCSlDkykih2dtIQX6vOE3vva3K6dU5v8kJKfPCSlDkykih2dtIQXS:QN+ik/Io69X5v8kAXN+ik/IH
Behavioral tasks
behavioral1: loader.exe (resource: win7-20240903-en)
behavioral2: loader.exe (resource: win10v2004-20241007-en)
behavioral3: mapper/map.exe (resource: win7-20240903-en)
behavioral4: mapper/map.exe (resource: win10v2004-20241007-en)
behavioral5: mapper/matcha-driver.sys (resource: win10v2004-20241007-en)
behavioral6: matcha.exe (resource: win7-20240903-en)
Malware Config
Targets

Target: loader.exe
Size: 7.6MB
MD5: 0734f6bedc4b869ee82b9d4cccff40b5
SHA1: f85fad7213954af4c1e97fd8ec295edf76882095
SHA256: f126a99a61fbb3ea941e81fce01cd2a2d64080b33789553f94c2c6043f3b470d
SHA512: 897794b690ab100abd0116d167e02d70089890b6b3f9091cccdec82e3bb0b1b3a5f7cc3a0ccbf6aff7f86322e09313277f3233e5879350840b0331fa55fc2ba4
SSDEEP: 196608:IpHYLwfI9jUCzi4H1qSiXLGVi7DMgpZ3Q0VMwICEc/jC:0IHziK1piXLGVE4Ue0VJu
Signatures:
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
Loads dropped DLL
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
Enumerates processes with tasklist
Target: mapper/map.exe
Size: 5.2MB
MD5: 91b2e38c78a29587e4bc141c3f048f0e
SHA1: 720a32e02fb3e9529c193c4cc1874a74c7548146
SHA256: 02ac7fcef95d3d8ba108c85311412739ec680dcc84e0e6baee6a77aa2271ecff
SHA512: f5b256a0544df654e793634a847892fe00ee412bef33bc4011e7f9d6d215ccbaf0d39270dcd832e403e95ddf109d1f643bff68e359c545837c6c17e1d9f248f8
SSDEEP: 98304:MjqhOJCjRLRWUEjzqRxOdlWb0T8hEjE+R7WFxjQFQ/WbzZC+x2wAP:MesJCjR13EavA8+8+j1RSxjQsWXZul
Score: 1/10
Target: mapper/matcha-driver.sys
Size: 9KB
MD5: 21e0a2d7d9ab804eeb1d7c71b532a681
SHA1: 2c09d54d71dfbee2eb537844078d74361e1e1dcc
SHA256: 5d8f2239e861694d3f10884260160259393d56810e8cc3e6cabae4c0d077c905
SHA512: bfd6b8f3641750bcce137111b895ad9df33d712cb7f0465d99156accdff6298715a9da5da4003e2ad2bad7867013e9be096c21733946c686b2788a679059bc08
SSDEEP: 96:xnICc5aHL+i40EzLGenSP+VSHWj7TEGMlOD+1WNBbEpDDIy:JXL+iyzLXSGVYcHg1Wvbon
Score: 1/10
Target: matcha.exe
Size: 7.6MB
MD5: 0734f6bedc4b869ee82b9d4cccff40b5
SHA1: f85fad7213954af4c1e97fd8ec295edf76882095
SHA256: f126a99a61fbb3ea941e81fce01cd2a2d64080b33789553f94c2c6043f3b470d
SHA512: 897794b690ab100abd0116d167e02d70089890b6b3f9091cccdec82e3bb0b1b3a5f7cc3a0ccbf6aff7f86322e09313277f3233e5879350840b0331fa55fc2ba4
SSDEEP: 196608:IpHYLwfI9jUCzi4H1qSiXLGVi7DMgpZ3Q0VMwICEc/jC:0IHziK1piXLGVE4Ue0VJu
Signatures:
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
Loads dropped DLL
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
Enumerates processes with tasklist