General
Target: 53833eaa5c4c091fb3e25aa7707d1ff5ecf01aa3a69da439742186466c85042e
Size: 562KB
Sample: 220414-n495naafd3
MD5: bb3686437e0d66932c91effd44532f19
SHA1: c48e84822d9fd0ca1735de610d739252fc9266bd
SHA256: 53833eaa5c4c091fb3e25aa7707d1ff5ecf01aa3a69da439742186466c85042e
SHA512: 08e0b6a16d68ecf2e97a4f5d0ad5be677674d666f10d9a6911941cc34bbe1e3d34c37b842483990e0705fc9ed5790a83023fe539243913199d6b03bb583c3c06
Static task: static1
Behavioral task: behavioral1
  Sample: 53833eaa5c4c091fb3e25aa7707d1ff5ecf01aa3a69da439742186466c85042e.exe
  Resource: win7-20220331-en
Behavioral task: behavioral2
  Sample: 53833eaa5c4c091fb3e25aa7707d1ff5ecf01aa3a69da439742186466c85042e.exe
  Resource: win10v2004-20220331-en
Malware Config
Extracted: matiex
  Protocol: smtp
  Host: mail.spamora.net
  Port: 587
  Username: [email protected]
  Password: Emotion1
Targets
Target: 53833eaa5c4c091fb3e25aa7707d1ff5ecf01aa3a69da439742186466c85042e
Score: 10/10
- Matiex Main Payload
- Executes dropped EXE
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator: Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
- Adds Run key to start application
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext