blankgrabber | 58bc24efadd5c97059f106947c2b2514c1e01dfed6a5caa9a335838f340396c9 | Triage

Submit
Reports

Overview

overview

Static

static

Matcha.exe

windows7-x64

7

Matcha.exe

windows10-2004-x64

*Ш�&��.pyc

windows7-x64

*Ш�&��.pyc

windows10-2004-x64

Sharing

General

Target

Matcha.exe
Size

7.6MB
Sample

250210-wke46s1ley
MD5

ea2885da07a18951c0f063bd6e244f55
SHA1

a074281e64211ef780619c8b70e8fc4cd4cc3dad
SHA256

58bc24efadd5c97059f106947c2b2514c1e01dfed6a5caa9a335838f340396c9
SHA512

d4d9bfe7e3ec61911e8c90f049a9e60ce5dbe1b09766f007ac55c0a982494e3fa90ea2eb58326c71a1e07022352467185aaea25d23099fb9bf0eba2b699a4418
SSDEEP

196608:AWM06C1wfI9jUCD6rlaZLH7qRGrGIYUoZy8FUsOnAoA:iIH20drLYRZjoA

Score

10^/10

blankgrabber discovery execution upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

Matcha.exe

Resource

win7-20240729-en

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral2

Sample

Matcha.exe

Resource

win10v2004-20250129-en

discovery execution upx

windows10-2004-x64

8 signatures

150 seconds

Behavioral task

behavioral3

Sample

*Ш�&��.pyc

Resource

win7-20240903-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral4

Sample

*Ш�&��.pyc

Resource

win10v2004-20250129-en

windows10-2004-x64

0 signatures

150 seconds

Malware Config

Targets

- Target
  
  Matcha.exe
- Size
  
  7.6MB
- MD5
  
  ea2885da07a18951c0f063bd6e244f55
- SHA1
  
  a074281e64211ef780619c8b70e8fc4cd4cc3dad
- SHA256
  
  58bc24efadd5c97059f106947c2b2514c1e01dfed6a5caa9a335838f340396c9
- SHA512
  
  d4d9bfe7e3ec61911e8c90f049a9e60ce5dbe1b09766f007ac55c0a982494e3fa90ea2eb58326c71a1e07022352467185aaea25d23099fb9bf0eba2b699a4418
- SSDEEP
  
  196608:AWM06C1wfI9jUCD6rlaZLH7qRGrGIYUoZy8FUsOnAoA:iIH20drLYRZjoA
Score

8^/10

upx discovery execution
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Enumerates processes with tasklist
  discovery
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2
- Target
  
  *Ш�&��.pyc
- Size
  
  1KB
- MD5
  
  69a6e657ca7992f82fc7320283f533ac
- SHA1
  
  01a312d2bd94307ab639436759f20ddf5c7e722a
- SHA256
  
  18affb4722cabd67b682443ae10c7f9fa6d95e6270e5646222a48f8e5b1fe6bb
- SHA512
  
  71789b27498460af4490d85e38174151893729280bad52d9d8b49d23e68a28977094fc81ca9330b00757bd720e839c84d08227ce2d293a98b5b5d2c1ba79fc2a
Score

1^/10
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

discoveryexecutionupx

behavioral3

behavioral4

© 2018-2025

Terms | Privacy