General
Target: e97eb4c69c852bc11196e42af00aac74903f6093f253bdab650df2c747df1087
Size: 970KB
Sample: 220418-my46safeg4
MD5: 4dec4e571974acfd903c9c9e6d554e19
SHA1: b7503c0e814605983b0b896dc71f354be2f410a2
SHA256: e97eb4c69c852bc11196e42af00aac74903f6093f253bdab650df2c747df1087
SHA512: 089772ffba6de7c359b1cb8c49b1cd6b6c002a932c01bf74f49023df515ae241429821184cc59e168e52e003730f89706b148c716954a00594b70f603aa0969d
Static task: static1
Behavioral task: behavioral1
Sample: e97eb4c69c852bc11196e42af00aac74903f6093f253bdab650df2c747df1087.exe
Resource: win7-20220414-en
Malware Config
Extracted
Family: matiex
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: [email protected]
Password: vbdftvthblxjhmhi
Targets
Target: e97eb4c69c852bc11196e42af00aac74903f6093f253bdab650df2c747df1087
Score: 10/10
- Matiex Main Payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext