General
-
Target
d6cc26090184738bc0af6fc4962ef79065c7906326f29b23761e699f8e59b872
-
Size
468KB
-
Sample
220520-3qmjrshch5
-
MD5
599fa4800a705f0a95927e2d1340c73d
-
SHA1
5d97bd35c7fb609357070af78fbf7ee392409c8a
-
SHA256
d6cc26090184738bc0af6fc4962ef79065c7906326f29b23761e699f8e59b872
-
SHA512
9080aa0c3683e780891faee1324f3ad35ffae1721c67c764c3c714b9b965dc7aa1885637d141c49b09625891f8dcb97fe5aef88825c6aeb6c4b08d60bd0627a5
Static task
static1
Behavioral task
behavioral1
Sample
URGENT.PO.pdf.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
URGENT.PO.pdf.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
matiex
Protocol: smtp
Host: smtp.yandex.ru
Port: 587
Username: [email protected]
Password: kingmoney12345
Targets
-
Target
URGENT.PO.pdf.exe
-
Size
647KB
-
MD5
c934ff92eb72cb2a4a7e3beebe46c07c
-
SHA1
3cede206bd43133a07c5ef67281b922b58f28d8b
-
SHA256
45a2796fe63b4de3b22f992d5259ca8efdf22d33670c5446a71d288d9f182ef5
-
SHA512
714df13bd235e92285576f32133d0cb1fdb8fc0c68ea3db030984f957a5d583c44f14b89b05eafff07a9e37aecdd74768424e89f1f391c34319d0637b74ef96f
Score
10/10
-
Matiex Main Payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-