Revised Invoice.exe

General

Target: Revised Invoice.exe
Size: 579KB
Sample: 210121-plarklpf82
Score: 10/10
MD5: cbfb94a41abae103511d729b00687c7a
SHA1: f491f44fbbaafb97275cc90ecaa37926534a6151
SHA256: b9d37ce3380de623e8225b466fcd061db7f7828a2e39deace159e5c7f3455015
SHA512: 77bfe24a4b0dcc0badcf0b33fd1da5335fadf0e366db4411b0ca130fecefa288006c06cf5bf363edd1b038619e1f8654e0e88020c454e4b0399d906c17128a59

Malware Config

Extracted

Protocol: smtp
Host: smtp.gmail.com
Port: 587
Username: igbrusure@gmail.com
Password: mrruben0094
Targets

Target: Revised Invoice.exe (579KB, score 10/10; MD5, SHA1, SHA256 and SHA512 identical to the General section above)
Signatures

  • Matiex
    Description: Matiex is a keylogger and infostealer first seen in July 2020.

  • Matiex Main Payload

  • Drops startup file

  • Reads user/profile data of web browsers
    Description: Infostealers often target stored browser data, which can include saved credentials etc.
    TTPs: Data from Local System; Credentials in Files

  • Looks up external IP address via web service
    Description: Uses a legitimate IP lookup service to find the infected system's external IP.

  • Enumerates physical storage devices
    Description: Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
    TTPs: System Information Discovery

  • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tactic columns (no technique cells rendered): Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks

static1
behavioral2 (score 10/10)