General

Target: 0db83f951cd91e31097d69a68a6a9e1c801180ca161c7024b665eb2d5422c316
Size: 317KB
Sample: 220520-rprxbabagj
MD5: 6fea872ab5569ca220ae658a3b0b8184
SHA1: a4e1f3855bee1ca715990f81df4a92df4837c1a7
SHA256: 0db83f951cd91e31097d69a68a6a9e1c801180ca161c7024b665eb2d5422c316
SHA512: bc3be8c5101e98e15737fd897cee9b4b5e2b7b24826addd1521ce0483bd2ec2d14e2584832328b1ad1d0d48af991ed1355f1ed54b6fe4735cf317a050599e222
Static task: static1

Behavioral task: behavioral1
Sample: PO.exe
Resource: win7-20220414-en

Behavioral task: behavioral2
Sample: PO.exe
Resource: win10v2004-20220414-en
Malware Config

Extracted: matiex
Protocol: smtp
Host: mail.greatgoldenqlory.com
Port: 587
Username: logistics@greatgoldenqlory.com
Password: chibuike12345@@@@@
Email To: info.expressgloballtd@gmail.com
Targets

Target: PO.exe
Size: 645KB
MD5: c30c5dfe0e3c434a2bee493ed9637d23
SHA1: 606668d85092f01507e105c28caa9db730a7b98e
SHA256: a97aec67e2a556ec45ea8aa3db146d119d39b14486db55ad5b930f8295eccfae
SHA512: 8ba8506638c080ef37ce51e72949405c63c56c6015bf4bd440fed110de161ed746e9fd35ecbcd386f5e696117c8b6e707cc3c7b410cf3466bdd52273db321013
Score: 10/10

- Matiex Main Payload
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext