Overview

overview

10

Static

static

10

Mapper/map.exe

windows7-x64

Mapper/map.exe

windows10-2004-x64

Mapper/mat...er.sys

windows7-x64

3

Mapper/mat...er.sys

windows10-2004-x64

3

README.txt

windows7-x64

1

README.txt

windows10-2004-x64

1

loader.exe

windows7-x64

7

loader.exe

windows10-2004-x64

8

HL���i7.pyc

windows7-x64

HL���i7.pyc

windows10-2004-x64

Resubmissions

03-01-2025 01:20

250103-bp7d1awqcj 10

03-01-2025 01:17

250103-bnvntawpep 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    matcha (12-25-2024).rar

  • Size

    7.5MB

  • Sample

    250103-bnvntawpep

  • MD5

    5313861d0f6cd28115ab571a984e3393

  • SHA1

    9d3d7f8828c8a8ef6da2dbd6c0a62e351a5efd51

  • SHA256

    ecbb893ec82265e393859c54d3bc2fe13ce3aa103895d8de7f5a77f99e4f320b

  • SHA512

    4f914043eb4aea25417a622a668b9aea0e5beef60a28f9aa942b3c413950645d534f00b83483b44c4e65acf484663b4b029efd5baf7fd23a9a8109dccc328e20

  • SSDEEP

    196608:g2DHGxIZXzLaj6n9ZXjtoWTSpjnXdeS6m+/fqINL:g2DmYXzLZ/poWWUSt+/yy

Score
10/10
blankgrabbercollectioncredential_accessdefense_evasiondiscoveryexecutionspywarestealerupx

Malware Config

Targets

    • Target

      Mapper/map.exe

    • Size

      1B

    • MD5

      0cc175b9c0f1b6a831c399e269772661

    • SHA1

      86f7e437faa5a7fce15d1ddcb9eaeaea377667b8

    • SHA256

      ca978112ca1bbdcafac231b39a23dc4da786eff8147c4e72b9807785afee48bb

    • SHA512

      1f40fc92da241694750979ee6cf582f2d5d7d28e18335de05abc54d0560e0f5302860c652bf08d560252aa5e74210546f369fbbbce8c12cfc7957b2652fe9a75

    Score
    1/10
    behavioral1behavioral2

    • Target

      Mapper/matcha-driver.sys

    • Size

      17B

    • MD5

      02cfb57f0986f9574a87433316339751

    • SHA1

      e3ba93d73d4956dff2690004033dbffac5f9b2ca

    • SHA256

      849b7d0c47acbca73e53fb0ee0256aed65ba4905836dd38e7171fa667c1a6e53

    • SHA512

      4ba437caac21ea96a8a3e90552d6f50b379620d57fa2a42a022d75b0be6eb2d3f8230abd75c28251023f748224b8af61cbd7866b1c756cc9bf651e1f627e3a32

    Score
    3/10
    behavioral3behavioral4

    • Target

      README.txt

    • Size

      430B

    • MD5

      a521ef1bd549901fe5687f4ef76e7192

    • SHA1

      c1bdc35b52fdfaa4def5823337d180781270dfb1

    • SHA256

      e2f674f66b58f3a5ff78d8da6fbb64c70625f81fd82ff1015803e5dfd0bee6a0

    • SHA512

      d6c93c13bd26fd8515170e147dcf2350f542b1494f24c5f4e5c1848f608f0af7299b718f93a8307585a57818f6453427ceea228e7167d1904221488a6e3da349

    Score
    1/10
    behavioral5behavioral6

    • Target

      loader.exe

    • Size

      7.6MB

    • MD5

      b18d4487b45439fe5fd09d50d9a0f351

    • SHA1

      8b355309f3108e49a5a31dacfd82874a5545460c

    • SHA256

      7eee726aa01a187ba7da7d9fe4bc05824da24dd82746b7096d6011edaac12e4e

    • SHA512

      bbbb7685a7b2ff0a6031240eb35a439252b07d814a6685041573ffcd06e8b00f87c66792793dc3727d3bfd647fe5a904adeffcf30ac3e9b756dc1230081144ae

    • SSDEEP

      196608:o2D+kdMdmwfI9jUCBB7m+mKOY7rXrZusooDmhfvsbnTNWE:b5+3IHL7HmBYXrYoaUNL

    Score
    8/10
    upxcollectioncredential_accessdefense_evasiondiscoveryexecutionspywarestealer

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

      execution

    • Clipboard Data

      Adversaries may collect data stored in the clipboard from users copying information within or between applications.

      collection

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

      credential_accessstealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Obfuscated Files or Information: Command Obfuscation

      Adversaries may obfuscate content during command execution to impede detection.

      defense_evasion

    • Enumerates processes with tasklist

      discovery

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral7behavioral8

    • Target

      HL���i7.pyc

    • Size

      1KB

    • MD5

      42884109a0763becddc187114668ea30

    • SHA1

      19b4a0513da2a29b2b63eadefb8ac96d6b8f4956

    • SHA256

      e695c1a0356071fb2c5a99e794892864bd0fdc1ff0c0dd8d25ef907fbfb17c28

    • SHA512

      ea19810d0fd792e4010396e65a906333f55e02059b35318789a2d00d9993fffd5c102568f016acbba9530185095949bea0edbe1f65c3d9bbed7113a1d834f394

    Score
    1/10
    behavioral10behavioral9

MITRE ATT&CK Enterprise v15

Tasks