General
Target: 4ccd414ea068d3fb02fb086a88cc08ba851f3787fdf25e12af76e812c5be15ea
Size: 631KB
Sample: 220502-sc399afee2
MD5: 1bbab843f8268c0245c71044753b3956
SHA1: fad52c197225eae9578bbf912c16cde4d02cd993
SHA256: 4ccd414ea068d3fb02fb086a88cc08ba851f3787fdf25e12af76e812c5be15ea
SHA512: 724c23b8365e20a7466e6afd6c8feabdecd296e13cd8cdfa6a4b144ecb62625ca3181bf542a212f702fad1462fff3b465a2867b339e82ec9be629ddd239e8993
Static task: static1
Behavioral task: behavioral1
Sample: 546632 - MARITIME WK-2 OCT.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: 546632 - MARITIME WK-2 OCT.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
matiex
Protocol: smtp
Host: mail.avicorrpinc.com
Port: 587
Username: [email protected]
Password: admin@abc123
Email To: [email protected]
Targets
Target: 546632 - MARITIME WK-2 OCT.exe
Size: 773KB
MD5: 910f1f2bdb64a368db77afd1491ed7e3
SHA1: c9e60b441c2a1ccabe57454f9e737cdbb74d372f
SHA256: d033f6fc657267d6aa462537cc47ea3f7379b86cbadf6499199c7e6906b107b3
SHA512: 62a0c2165b6e71a3406801b99fa1a1d1ecb57ed92413084569b1591c5c5c5cb691fa31f5cee5a2f5b9f1ac4ce7ff626ec59427eee96f014cebf391f1cc278ac6
Score: 10/10
Matiex Main Payload
Accesses Microsoft Outlook profiles
Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext