General
- Target: 680ead0c089f69dff1932fa58d8b72959565a8959a886520720e79be7d5c08d2
- Size: 11.3MB
- Sample: 220326-jag5kaaaa8
- MD5: 3f3c964143f2609ba953c8648f0ff5b2
- SHA1: 4eebac115f1a5ecb1061c6eb89e707b512ea4549
- SHA256: 680ead0c089f69dff1932fa58d8b72959565a8959a886520720e79be7d5c08d2
- SHA512: dd8e51f76da847dee7d10af0fd47fe4a4f237a915cdd5c67976ce016ae9c9e7f0419cb1d91d17e7b6765050536de7b886643e380c0dc865fc79c2b79a6b7e754
Static task: static1
Behavioral task: behavioral1
- Sample: 680ead0c089f69dff1932fa58d8b72959565a8959a886520720e79be7d5c08d2.exe
- Resource: win7-20220311-en
Behavioral task: behavioral2
- Sample: 680ead0c089f69dff1932fa58d8b72959565a8959a886520720e79be7d5c08d2.exe
- Resource: win10v2004-en-20220113
Malware Config
Extracted: matiex
- Protocol: smtp
- Host: smtp.privateemail.com
- Port: 587
- Username: [email protected]
- Password: MARYolanmauluogwo@ever
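The extracted config above is the stealer's exfiltration channel: it mails stolen data through an ordinary SMTP submission server with hard-coded credentials. The following is an added example, not code from the sandbox or from Matiex: it parses the config exactly as the report prints it and turns it into a connection check. The connection records and the mail-client allowlist are constructed assumptions for the demonstration.

```python
"""Parse the Matiex SMTP exfiltration config as the report prints it and turn it into
a connection-log check. Added example, not sandbox or Matiex code."""
import re

# The extracted config verbatim from the report (field separators are ' - ' or '-').
RAW_CONFIG = """Protocol: smtp- Host:
smtp.privateemail.com - Port:
587 - Username:
[email protected] - Password:
MARYolanmauluogwo@ever"""

# "Key: value" pairs, each value running up to the next " - Key:" or end of text.
_FIELD = re.compile(r"([A-Za-z]+):\s*(.*?)(?=\s*-\s*[A-Za-z]+:|\Z)", re.S)


def parse_config(raw: str) -> dict:
    """Return the config as a dict with a validated integer port."""
    cfg = {key.lower(): value.strip() for key, value in _FIELD.findall(raw)}
    missing = {"protocol", "host", "port", "username", "password"} - set(cfg)
    if missing:
        raise ValueError(f"config is missing fields: {sorted(missing)}")
    cfg["port"] = int(cfg["port"])
    if not 0 < cfg["port"] < 65536:
        raise ValueError(f"invalid port {cfg['port']}")
    return cfg


# Constructed connection records (EDR-style: originating process plus destination);
# not taken from the report.
SAMPLE_CONNECTIONS = [
    {"uid": "c1", "image": r"C:\Users\victim\AppData\Roaming\svchost.exe",
     "dst_host": "smtp.privateemail.com", "dst_port": 587},
    {"uid": "c2", "image": r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE",
     "dst_host": "smtp.privateemail.com", "dst_port": 587},
    {"uid": "c3", "image": r"C:\Users\victim\AppData\Roaming\svchost.exe",
     "dst_host": "www.microsoft.com", "dst_port": 443},
]

# Processes expected to speak SMTP submission; assumed allowlist, adjust per environment.
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}


def match_exfil(cfg: dict, records: list) -> dict:
    """Split connections to the configured exfil host:port into those from an expected
    mail client and those from anything else (the ones worth alerting on)."""
    result = {"suspicious": [], "expected_client": []}
    for rec in records:
        if rec["dst_host"].lower() != cfg["host"].lower() or rec["dst_port"] != cfg["port"]:
            continue
        process = rec["image"].rsplit("\\", 1)[-1].lower()
        bucket = "expected_client" if process in MAIL_CLIENTS else "suspicious"
        result[bucket].append(rec["uid"])
    return result


if __name__ == "__main__":
    config = parse_config(RAW_CONFIG)
    print({k: v for k, v in config.items() if k != "password"})
    print(match_exfil(config, SAMPLE_CONNECTIONS))
```

The check keys on the originating process as well as the destination because the exfil host is a mail provider's submission server rather than attacker-owned infrastructure, so a destination-only block would also hit legitimate users of that provider.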
Targets
- Target: 680ead0c089f69dff1932fa58d8b72959565a8959a886520720e79be7d5c08d2 (same file as under General)
- Matiex Main Payload
- Modifies WinLogon for persistence
- Drops startup file
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
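The signature list above names the host artefacts a defender can look for: the Winlogon and Run-key persistence, the dropped startup file, the Outlook profile access and the external-IP lookup. As an added example (not the sandbox's own rule logic), the block below encodes each of those signatures as a rule over a constructed EDR-style event feed. The event schema, the sample events, the process paths and the list of IP-lookup hosts are all assumptions; the report only says "a legitimate IP lookup service". SetThreadContext is an API-level indicator and is deliberately not covered, since registry and file telemetry cannot see it.

```python
"""Check the persistence and reconnaissance behaviours from the report's signature
list against constructed EDR-style events. Added example; not sandbox code."""
import re

# Constructed telemetry in a generic EDR shape (type, image, target, data). Sysmon does
# not log registry value reads, so the 'reg_read' events assume a richer EDR feed.
SAMPLE_EVENTS = [
    {"type": "reg_set", "image": r"C:\Users\victim\AppData\Roaming\svchost.exe",
     "target": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit",
     "data": r"C:\Windows\system32\userinit.exe,C:\Users\victim\AppData\Roaming\svchost.exe"},
    {"type": "reg_set", "image": r"C:\Users\victim\AppData\Roaming\svchost.exe",
     "target": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\WindowsUpdate",
     "data": r"C:\Users\victim\AppData\Roaming\svchost.exe"},
    {"type": "file_create", "image": r"C:\Users\victim\AppData\Roaming\svchost.exe",
     "target": r"C:\Users\victim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.vbs"},
    {"type": "reg_read", "image": r"C:\Users\victim\AppData\Roaming\svchost.exe",
     "target": r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002"},
    {"type": "dns", "image": r"C:\Users\victim\AppData\Roaming\svchost.exe",
     "target": "checkip.dyndns.org"},
    # Benign activity from legitimate processes, to show the rules do not fire on it.
    {"type": "reg_set", "image": r"C:\Windows\explorer.exe",
     "target": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden", "data": "1"},
    {"type": "dns", "image": r"C:\Program Files\Mozilla Firefox\firefox.exe", "target": "www.mozilla.org"},
]

# Services commonly used for external-IP discovery; assumed list, the report does not name one.
IP_LOOKUP_HOSTS = {"checkip.dyndns.org", "api.ipify.org", "ipinfo.io", "icanhazip.com", "ifconfig.me"}


def _path_matches(pattern: str):
    """Build a case-insensitive predicate on a registry or file path."""
    rx = re.compile(pattern, re.I)
    return lambda target: rx.search(target) is not None


# (signature name as printed in the report, event type, predicate on the event target)
RULES = [
    ("Modifies WinLogon for persistence", "reg_set", _path_matches(r"\\winlogon\\(userinit|shell)$")),
    ("Adds Run key to start application", "reg_set", _path_matches(r"\\currentversion\\run(once)?\\")),
    ("Drops startup file", "file_create", _path_matches(r"\\start menu\\programs\\startup\\")),
    ("Accesses Microsoft Outlook profiles", "reg_read", _path_matches(r"\\office\\[\d.]+\\outlook\\profiles\\")),
    ("Looks up external IP address via web service", "dns", lambda t: t.lower() in IP_LOOKUP_HOSTS),
]


def evaluate(events: list) -> dict:
    """Map each process image to the set of report signatures its events trigger."""
    hits = {}
    for ev in events:
        for name, event_type, predicate in RULES:
            if ev["type"] == event_type and predicate(ev["target"]):
                hits.setdefault(ev["image"], set()).add(name)
    return hits


def userinit_is_clean(value: str) -> bool:
    """Winlogon\\Userinit should hold only the system userinit.exe (a trailing comma is
    normal); any extra comma-separated entry is the persistence trick."""
    entries = [e.strip().lower() for e in value.split(",") if e.strip()]
    return entries == [r"c:\windows\system32\userinit.exe"]


if __name__ == "__main__":
    for image, names in evaluate(SAMPLE_EVENTS).items():
        print(image)
        for name in sorted(names):
            print("  ", name)
    print("Userinit clean:", userinit_is_clean(SAMPLE_EVENTS[0]["data"]))
```

Grouping hits by process image is what makes the result actionable: a single process tripping four persistence and reconnaissance rules is a much stronger signal than any one of them alone, and it points straight at the file to collect.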