General
- Target: 91f71bae5c1c349b2bb32f8ad9c45ce6c4a4febe778612abd5837c373cd35e13
- Size: 263KB
- Sample: 220521-cz2ryaegd4
- MD5: 83b12fa90b9f6278e7740d729df13ac2
- SHA1: ab505542f7af867e3d530f5c1c11b22bcca09859
- SHA256: 91f71bae5c1c349b2bb32f8ad9c45ce6c4a4febe778612abd5837c373cd35e13
- SHA512: c828a2aa5f6ceb17b242acffad6a5ba147d0b8ebd62c2118b1e7e38c1e96dfc437225f83d4d78e0f028b95221401b530a442b52a407fee957ba3e900f9213bef
Static task: static1
Behavioral task: behavioral1
- Sample: Payment_Advice.pdf.exe
- Resource: win7-20220414-en
Malware Config
Extracted: matiex
- Protocol: smtp
- Host: mail.salujaford.in
- Port: 587
- Username: backup@salujaford.in
- Password: saluja@#$chd
Targets
- Target: Payment_Advice.pdf.exe
- Size: 406KB
- MD5: 90ca190833ba167e67a64a3d39128564
- SHA1: 07195c9698651033e836a909db47e5bef5254ef3
- SHA256: d8e06b19a570b7ac261cc5ea283844c95871a2ee5340cc7a6a2581dfdee1f36b
- SHA512: c4bf951da169194b5cad9b3cf4c78505efe07d92899396009c8c0699eacd64fda25f02d3e89e9fe3b01e116a1a5430422d7a3fb46eb42bdc8845e9706226aeb0
- Matiex Main Payload
- Looks for VirtualBox Guest Additions in registry
- Looks for VMWare Tools registry key
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext