General
-
Target
IVOICE 748884.doc
-
Size
341KB
-
Sample
210916-31bj9ahcgm
-
MD5
776ae5196f616bd6bf2a7fe34d7a5812
-
SHA1
6c576351c60b203500b179054303ccc39db564c5
-
SHA256
205995e5835ec0afdb827c868f5ec7e8f87f0328ca85ade3ac73cc585790a242
-
SHA512
a54543e5c66fb66bc61d048f006177ac135df179f3f9a9a4b91c224669cb1250ec5566e547f865a0132c93378e0293aae9c9fdb380af0b4095cc2f005278ba00
Static task
static1
Behavioral task
behavioral1
Sample
IVOICE 748884.doc
Resource
win7-en-20210916
Behavioral task
behavioral2
Sample
IVOICE 748884.doc
Resource
win10v20210408
Malware Config
Extracted
httP://192.3.110.170/win32/HTM.exe
Extracted
matiex
https://api.telegram.org/bot1902939136:AAHecjYRy7PD3SA0NET2ZO2oQUMhDqeG954/sendMessage?chat_id=1985758957
Targets
-
-
Target
IVOICE 748884.doc
-
Size
341KB
-
MD5
776ae5196f616bd6bf2a7fe34d7a5812
-
SHA1
6c576351c60b203500b179054303ccc39db564c5
-
SHA256
205995e5835ec0afdb827c868f5ec7e8f87f0328ca85ade3ac73cc585790a242
-
SHA512
a54543e5c66fb66bc61d048f006177ac135df179f3f9a9a4b91c224669cb1250ec5566e547f865a0132c93378e0293aae9c9fdb380af0b4095cc2f005278ba00
-
Matiex Main Payload
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-