General
Target: 3edffff5d0b4676e82651d831ec9081d9a142f91279b1c17c279d27f42089d97
Size: 491KB
Sample: 220208-b5g42sbgdk
MD5: a4da82c7e559d01b755e9225ecda9023
SHA1: bd64f29df65a3357a2d9b303a60de10d0219d351
SHA256: 3edffff5d0b4676e82651d831ec9081d9a142f91279b1c17c279d27f42089d97
SHA512: 5d246408a6bddcd88ebf96692f889ed65efbe1c51ad56f3c8354c2c8f07b70cf0c6a0a90a061e6dc25f89bc9a634260f6968796f9471efb8d8a008f313f832c7
Static task: static1
Behavioral task: behavioral1
  Sample: New Order.exe
  Resource: win7-en-20211208
Behavioral task: behavioral2
  Sample: New Order.exe
  Resource: win10v2004-en-20220113
Malware Config
Extracted: matiex
Protocol: smtp
Host: mail.cleo2solutions.com.au
Port: 25
Username: [email protected]
Password: Enter@123
Targets
Target: New Order.exe
Size: 699KB
MD5: 973f5e36b9bda2af1fc4ac6681d6c352
SHA1: 86de1a7dd22248e40e724acf6abe3aa78815e13c
SHA256: 9a7ead1cdae41a3f396acb728cfd16e137e98070690f2ac90b5f1445474bec8c
SHA512: 865f8ecc9b607a049c4e613bfff65906cab0a3d1425b92ef0931a33d89618c9cf9b5febca3e6229dc3b311d0bdc19b82bd8bcb8e9dc1c89fc3f881f1085333fe
Score: 10/10
- Matiex Main Payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext