General
-
Target
a4c832d2df84b3c31d5d1daf2f02c3e48e9f4b3b6f5d2032bb2fc425c662de66
-
Size
546KB
-
Sample
220520-2b3f1aabfm
-
MD5
f03f3613e088aed817c2085cea98a629
-
SHA1
ecb30ed714f3c83df8bf9c01afb1469215d60473
-
SHA256
a4c832d2df84b3c31d5d1daf2f02c3e48e9f4b3b6f5d2032bb2fc425c662de66
-
SHA512
deac7d5911263481009fe2447855aaa418acfdc31bcacc24057e1f7a01be6ee4e6d8526872cd5c49881d79a68d7e69712450dddde256a1f88c66479efaf2a10a
Static task
static1
Behavioral task
behavioral1
Sample
DHL Shipment Info.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
DHL Shipment Info.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
matiex
Protocol
smtp
Host
mail.marketinfosales.com
Port
587
Username
[email protected]
Password
v,,++Y&AiD(B
Targets
-
Target
DHL Shipment Info.exe
-
Size
606KB
-
MD5
c25c9e302e3bbc669e210c961e271f2e
-
SHA1
cd2a44a2bae5b250be394f21c947014f2c6d1aab
-
SHA256
6438b80d095ec295859cb2b1c099f1ae2ac0485705a447b991e84b551e40047e
-
SHA512
19e136ddc62dffce0512fcdac20e0b1fcc65e9366b4cda15e1cd80d6907a5247b31469eb0579275ce8ef06335b06fa291c3a6d1746b373b81caa03ff0cd14a14
Score
10/10
-
Matiex Main Payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-