General
Target: f8cbc16207bcb0ed823a11472d92e3304be87f8a4a26475d0afe154ef94122f7
Size: 238KB
Sample: 220502-skzl2afgh2
MD5: b001da1656735012b4eb72d421f0cb29
SHA1: e74ade725bb9590488aaaee3b8e4bb6322a938bc
SHA256: f8cbc16207bcb0ed823a11472d92e3304be87f8a4a26475d0afe154ef94122f7
SHA512: 3763d23d81d88272c96e714aa2a9384e0aada5eed33ce8e9846143c57cc45a6eeb8e56817d681227025da690ba649532cd188ec076ed9ef8aa9647ed3b316bc6
Static task: static1
Behavioral task: behavioral1
Sample: 2797508E2-20F2-4C2C-879A.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: 2797508E2-20F2-4C2C-879A.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
matiex
Protocol: smtp
Host: pro40.emailserver.vn
Port: 587
Username: [email protected]
Password: Huynhngoc@123
Targets
Target: 2797508E2-20F2-4C2C-879A.exe
Size: 668KB
MD5: 374e8dc3b94876fa4dcb268599802eb9
SHA1: d1a4fa01f5df469d4f0500743d889b82f004cff8
SHA256: 8280027cf2f493a836aefff88a0fdc476bad22df8ffb103e279b694951762714
SHA512: b0256c4d63ca995704db9ac145c24da7967d432b26518f71e3dc67163ffa4865a39fe10731a6c33deb60c6fa0d20c44f3ba999246ad0d0c4789bd265037e5a67
Score: 10/10
Matiex Main Payload
Accesses Microsoft Outlook profiles
Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext