General
- Target: 1b282409371bffd8a0958cfc23fec3f6df136c72f43471ac913f9b904c7a4687
- Size: 5.0MB
- Sample: 220520-2qs6waaghp
- MD5: 8db829ab4445100d2c17ff53f8de0c10
- SHA1: f23a8912d4ba7d50c8a062bae3acac48ac4b78fd
- SHA256: 1b282409371bffd8a0958cfc23fec3f6df136c72f43471ac913f9b904c7a4687
- SHA512: a670c51f89e6db3881ba5e743cd162544104584b0d1e6ca085375b9b323c976329565b48c70f0edb77d5ccf4ee4d8bbd6511fa426e677b7f49b28611e995c83a
Static task: static1
Behavioral task: behavioral1
- Sample: Payment receipt.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: Payment receipt.exe
- Resource: win10v2004-20220414-en
Malware Config
Targets
- Target: Payment receipt.exe
- Size: 4.9MB
- MD5: 21ce722319d2e436a23302c488c8e474
- SHA1: 8926922f8a66a95200513918c5370b3bef143be9
- SHA256: c9e3b73cd0bfb2a80b1ac9b3e45272975bdac5ed76ac3f9a5a2e963d82370cca
- SHA512: 2fe3408605227f45b4cd11e2eb502aa9806665433c3144c93c0c2ef4580de9d755602f232d83c111b9d7e5399c8f080743abda332a77ae107842bac1910df0d7
Signatures
- Matiex Main Payload
- Modifies WinLogon for persistence
- Drops startup file
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext