General
-
Target
dd2daa1f70321c9e2d0087fc8fd54d7703cc83a06a2383cf9fced3d33dfa4c0a
-
Size
252KB
-
Sample
220502-skxgnsacck
-
MD5
c9d153f16bc14e615dc42d05dbef199b
-
SHA1
9da22b30ed35138ed903a59ca3f43ef18435eab4
-
SHA256
dd2daa1f70321c9e2d0087fc8fd54d7703cc83a06a2383cf9fced3d33dfa4c0a
-
SHA512
9654d5ea9f5eea0635b1f1f0622c01f83864a82133f8694d8ca3742b8fd1f85c52a6e93932f4d76f412dda77160eddddb1515f10b6317e520fdf0c0d1bcea2ce
Static task
static1
Behavioral task
behavioral1
Sample
4797508E2-20F2-4C2C-879A-1C358G.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
4797508E2-20F2-4C2C-879A-1C358G.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
matiex
Protocol: smtp
Host: pro40.emailserver.vn
Port: 587
Username: [email protected]
Password: Huynhngoc@123
Targets
-
Target
4797508E2-20F2-4C2C-879A-1C358G.exe
-
Size
652KB
-
MD5
696f1e6e8b7f8ed2b20e9aa689be7333
-
SHA1
62cb835dc20ef745186fd3805c230b96c1177ba2
-
SHA256
ce0e9c38f501c41244755438857cf76ab25727502b344c65d30075ff3338f43c
-
SHA512
2971d105982aecea405c1c632953dad58bfd4fe32450d4d8c7e7cfde9ad2fde6af5acb113447a3322d0fe8b6171f471ef8b44cebedd621666210f0dd9741fe52
Score
10/10
-
Matiex Main Payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-