General
-
Target
a1b432f03f0e88407c71b210a5f013ddeff35a1fd7fe36f5fd03808a9474c766
-
Size
463KB
-
Sample
220415-be2qrsafe8
-
MD5
c64e46b8a01abad95b7f9e317778f1da
-
SHA1
f27d976223aa8bd7bcbc28e59fd2eb75ed33bbb8
-
SHA256
a1b432f03f0e88407c71b210a5f013ddeff35a1fd7fe36f5fd03808a9474c766
-
SHA512
6ffe5a9b183a82b088966be5611de20c29ae6c03cfd148d6091e16ce0a7b61a2f64459e2007480c013fbe479588df70ccb500491e70d1b466a8473d6cd58a3c4
Static task
static1
Behavioral task
behavioral1
Sample
a1b432f03f0e88407c71b210a5f013ddeff35a1fd7fe36f5fd03808a9474c766.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
a1b432f03f0e88407c71b210a5f013ddeff35a1fd7fe36f5fd03808a9474c766.exe
Resource
win10v2004-en-20220113
Malware Config
Extracted
Protocol: smtp- Host:
SMTP.yandex.com - Port:
587 - Username:
[email protected] - Password:
yahdera121
Extracted
matiex
Protocol: smtp- Host:
SMTP.yandex.com - Port:
587 - Username:
[email protected] - Password:
yahdera121
Targets
-
-
Target
a1b432f03f0e88407c71b210a5f013ddeff35a1fd7fe36f5fd03808a9474c766
-
Size
463KB
-
MD5
c64e46b8a01abad95b7f9e317778f1da
-
SHA1
f27d976223aa8bd7bcbc28e59fd2eb75ed33bbb8
-
SHA256
a1b432f03f0e88407c71b210a5f013ddeff35a1fd7fe36f5fd03808a9474c766
-
SHA512
6ffe5a9b183a82b088966be5611de20c29ae6c03cfd148d6091e16ce0a7b61a2f64459e2007480c013fbe479588df70ccb500491e70d1b466a8473d6cd58a3c4
-
Matiex Main Payload
-
Meta Stealer Stealer
Meta Stealer steals passwords stored in browsers, written in C++.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-