General
-
Target
2f9a2aefb5643411a8c28b48c23e60463a120ddf2311ae72d3dfab9148aa54cc
-
Size
683KB
-
Sample
220319-xh927sgahn
-
MD5
bea5d9869f018062424e73d5f1fb5574
-
SHA1
daf7c7abbb95a3fb26f7079555cafa469b97da76
-
SHA256
2f9a2aefb5643411a8c28b48c23e60463a120ddf2311ae72d3dfab9148aa54cc
-
SHA512
4408346da6fcfd9218f4febd3d2be612d819eb7cfb1868b01c78bf22e2dbbea0a7578300de9ded99ba78f37644a82857b7f3da6f6a3a7b31754de8812794cc71
Static task
static1
Behavioral task
behavioral1
Sample
2f9a2aefb5643411a8c28b48c23e60463a120ddf2311ae72d3dfab9148aa54cc.exe
Resource
win7-20220310-en
Behavioral task
behavioral2
Sample
2f9a2aefb5643411a8c28b48c23e60463a120ddf2311ae72d3dfab9148aa54cc.exe
Resource
win10v2004-en-20220113
Malware Config
Extracted
matiex
Protocol: smtp
Host: mail.zavidovici.ba
Port: 587
Username: [email protected]
Password: 12Opc21!
Targets
-
Target
2f9a2aefb5643411a8c28b48c23e60463a120ddf2311ae72d3dfab9148aa54cc
Score
10/10
-
Matiex Main Payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-