General
-
Target
a36df06750c220466e159f6b8f097dc99c2bea8c6330ede922c7374d2e8dbe2b
-
Size
540KB
-
Sample
220521-bqtvasfchk
-
MD5
c0c59f3baef23cf73dc19fda1371903c
-
SHA1
25d49fc933cad89ca1df5d824f477a8b9c6975ea
-
SHA256
a36df06750c220466e159f6b8f097dc99c2bea8c6330ede922c7374d2e8dbe2b
-
SHA512
95dd1ffcd65c14a202dd2c53e1153e5c863f96b54425b1b1b06d647e90641fcc3c4b676b5dace532491d5a593a76bf6790d411d649f5c66cbef24e5fa40cfeb6
Static task
static1
Behavioral task
behavioral1
Sample
StormGeo_Invoice_202008242288..exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
StormGeo_Invoice_202008242288..exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
matiex
Protocol: smtp- Host:
mail.augustianie.pl - Port:
587 - Username:
delegat.duszpasterski@augustianie.pl - Password:
delegat.duszpasterski
Targets
-
-
Target
StormGeo_Invoice_202008242288..exe
-
Size
611KB
-
MD5
1685858a9090b769ef6dbbe8ad93ec85
-
SHA1
4e9c9b4dfabfd8605c4fc0f2af2522762dce94b2
-
SHA256
f3f9f4cc7099729cdea76954e338c0dd8d0404d50177a63ce50088aafea6ce26
-
SHA512
397923317110d8c356c75d75d155995a4918207eb6a43e62e7053737acc712ced9a8aab009cc3c8db5cfddf3dd54bea4221abaf137e424d09d71644f41256287
Score10/10-
Matiex Main Payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-