General
-
Target
0a6959c181966748ce98202d123ed479ce076b6d4db9eae9d2cbb62ac42dca49
-
Size
684KB
-
Sample
220420-czz84shea7
-
MD5
43ac24b42b50d40355d75d52268a98c5
-
SHA1
4f8eac0d038d14ec3f111f89eafc0cce686be7d0
-
SHA256
0a6959c181966748ce98202d123ed479ce076b6d4db9eae9d2cbb62ac42dca49
-
SHA512
2cf0a44f0f81701f74e2e5707227c9d18ded1b6a3af697564dd474a905c5ba68033df21aed2d80b27b41981f7528a0810d692040d8213bf5949f0e13e46f4910
Static task
static1
Behavioral task
behavioral1
Sample
invoice _25280.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
invoice _25280.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
matiex
Protocol: smtp
Host: ebop.website
Port: 587
Username: [email protected]
Password: P@ssw0rdP@ssw0rd
Targets
-
Target
invoice _25280.exe
-
Size
739KB
-
MD5
40630dbc9ec33244bf5dd0a97d129909
-
SHA1
a48f654aada97d4d359e217bfa212adf07faba13
-
SHA256
f0b8f39cd0fd0a840db7c970362e5bd1e48600c341a97ffd1f742ea37f561bd8
-
SHA512
854c4e2b1dcabe82001d3f31cf7c41045eab6ba1a7c14027de6ce781df097cb70ff4dff39cea5d26f2c2789953683c10fe0a0fe4d5f8aabad00920434491c1af
Score
10/10
-
Matiex Main Payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-