General
Target: tmp/2d5cd4b22d447134ed36ef78f711b25b557f23543c481a5d56ef9cc3bf9a22de.xls
Size: 229KB
Sample: 211209-n1r5nsdahp
MD5: c7e65e956c6c206b1fb3032ce9b4650e
SHA1: 9420a4c92b99736592a9e4f9a18f6c3c89e3b825
SHA256: 2d5cd4b22d447134ed36ef78f711b25b557f23543c481a5d56ef9cc3bf9a22de
SHA512: d60444ea8e4f8582d3efed29c60b75c20f39e830e8fd6bd73160de6a5bcd3231662727e3f57eb90122c187669390f5e47380f279563cb3c19d9f99ed76e375b0
Static task: static1
Behavioral task: behavioral1
Sample: tmp/2d5cd4b22d447134ed36ef78f711b25b557f23543c481a5d56ef9cc3bf9a22de.xls
Resource: win7-en-20211208
Behavioral task: behavioral2
Sample: tmp/2d5cd4b22d447134ed36ef78f711b25b557f23543c481a5d56ef9cc3bf9a22de.xls
Resource: win10-en-20211208
Malware Config
Extracted: matiex
https://api.telegram.org/bot1769394961:AAF5BB35akL859CwVaXypIqpVsGWlaKvi7A/sendMessage?chat_id=1735544933
Targets
Target: tmp/2d5cd4b22d447134ed36ef78f711b25b557f23543c481a5d56ef9cc3bf9a22de.xls
- Matiex Main Payload
- suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext