Overview

overview

10

Static

static

10

Mapper/map.exe

windows7-x64

Mapper/map.exe

windows10-2004-x64

loader.exe

windows7-x64

7

loader.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    matcha12-25-2024.rar

  • Size

    7.5MB

  • Sample

    250103-bst8vatmbz

  • MD5

    5313861d0f6cd28115ab571a984e3393

  • SHA1

    9d3d7f8828c8a8ef6da2dbd6c0a62e351a5efd51

  • SHA256

    ecbb893ec82265e393859c54d3bc2fe13ce3aa103895d8de7f5a77f99e4f320b

  • SHA512

    4f914043eb4aea25417a622a668b9aea0e5beef60a28f9aa942b3c413950645d534f00b83483b44c4e65acf484663b4b029efd5baf7fd23a9a8109dccc328e20

  • SSDEEP

    196608:g2DHGxIZXzLaj6n9ZXjtoWTSpjnXdeS6m+/fqINL:g2DmYXzLZ/poWWUSt+/yy

Score
10/10
blankgrabbercollectioncredential_accessdefense_evasiondiscoveryexecutionspywarestealerupx

Malware Config

Targets

    • Target

      Mapper/map.exe

    • Size

      1B

    • MD5

      0cc175b9c0f1b6a831c399e269772661

    • SHA1

      86f7e437faa5a7fce15d1ddcb9eaeaea377667b8

    • SHA256

      ca978112ca1bbdcafac231b39a23dc4da786eff8147c4e72b9807785afee48bb

    • SHA512

      1f40fc92da241694750979ee6cf582f2d5d7d28e18335de05abc54d0560e0f5302860c652bf08d560252aa5e74210546f369fbbbce8c12cfc7957b2652fe9a75

    Score
    1/10
    behavioral1behavioral2

    • Target

      loader.exe

    • Size

      7.6MB

    • MD5

      b18d4487b45439fe5fd09d50d9a0f351

    • SHA1

      8b355309f3108e49a5a31dacfd82874a5545460c

    • SHA256

      7eee726aa01a187ba7da7d9fe4bc05824da24dd82746b7096d6011edaac12e4e

    • SHA512

      bbbb7685a7b2ff0a6031240eb35a439252b07d814a6685041573ffcd06e8b00f87c66792793dc3727d3bfd647fe5a904adeffcf30ac3e9b756dc1230081144ae

    • SSDEEP

      196608:o2D+kdMdmwfI9jUCBB7m+mKOY7rXrZusooDmhfvsbnTNWE:b5+3IHL7HmBYXrYoaUNL

    Score
    8/10
    upxcollectioncredential_accessdefense_evasiondiscoveryexecutionspywarestealer

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

      execution

    • Clipboard Data

      Adversaries may collect data stored in the clipboard from users copying information within or between applications.

      collection

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

      credential_accessstealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Obfuscated Files or Information: Command Obfuscation

      Adversaries may obfuscate content during command execution to impede detection.

      defense_evasion

    • Enumerates processes with tasklist

      discovery

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral3behavioral4

MITRE ATT&CK Enterprise v15

Tasks