General
Target: c00d17f0d857d7124090cfda8e3be6139e90378f84d77f692c7306ed20da2b9e
Size: 358KB
Sample: 220520-rhxh8afgb8
MD5: b5a22d486475e76dff1c29ea7a4cd255
SHA1: cbfd161050618d2b83f59851ab6940e14a3ab3e7
SHA256: c00d17f0d857d7124090cfda8e3be6139e90378f84d77f692c7306ed20da2b9e
SHA512: 62dbc89051d9cd7f20b2417dda7bc650de3e774b12463e38b17193a5f17d1d6e64d4cd292985ab765fe421bf42e69af0385aa58c3473dc73d8ec3fe3722cf9c1
Static task: static1
Behavioral task: behavioral1
Sample: INVOICE.PDF.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: INVOICE.PDF.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
matiex
https://api.telegram.org/bot1361411551:AAEXdgrDr6ha4cqLOl8OniveGLUmuvmAAbU/sendMessage?chat_id=1342486330
Targets
Target: INVOICE.PDF.exe
Size: 776KB
MD5: 7ad2834ccb90213af7c5c4411eb04253
SHA1: ff5fa39d9302c64669c65f37547915b4252f42ba
SHA256: b8a6818ebadd26de05a88a3938a3fc3ee593184be5448af728f5ff07e7ca2ddc
SHA512: 438999d2d64915ebd2f4883f7301221c641cf041e3afdb455af3f5de1f1e763d7552201366cb9b26ecf03f6ac6eba32150ff05cfd94af12fed5c22573b5cb26b
Score: 10/10
Matiex Main Payload
Accesses Microsoft Outlook profiles
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext