General
-
Target
6422e920c2e9dadbb7218fd013230f7617feb8725aa31e3990032da3b5673282
-
Size
671KB
-
Sample
220502-1csshsbfg2
-
MD5
0fe67082415f458a0aa2c4b27711c39e
-
SHA1
4760246fc24916442b12426680be87c8828f4fb2
-
SHA256
6422e920c2e9dadbb7218fd013230f7617feb8725aa31e3990032da3b5673282
-
SHA512
ee1e33be09664285a44b425f5214854e4e1f4347fd8e27c888b6a2d3083720d1c7c147e4a5c499536771079653df3b70e4e4fdd6e7b7e9fbf5c8f85f8b9dc2bc
Static task
static1
Behavioral task
behavioral1
Sample
Tax Invoices IN102738 IN102739 IN102740 (2).exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
Tax Invoices IN102738 IN102739 IN102740 (2).exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
matiex
Protocol: smtp
Host: srvc13.turhost.com
Port: 587
Username: [email protected]
Password: italik2015
Targets
-
-
Target
Tax Invoices IN102738 IN102739 IN102740 (2).exe
-
Size
867KB
-
MD5
1edc97d794a36b1e6c0c4757f56becad
-
SHA1
8ff5c4d412ac10443a79e02f80579c1d5f0c53e2
-
SHA256
d2e9e5d1c73e145f6ca508dd8f1397ea4ce5fa1172468889f65133f0af0d08ea
-
SHA512
e820ea714c71e671557e3e2b32c4c6690cd48f04cd3c5480cf4822a3acb51e522577fc3e500f7fe4b473f7c8a210987b36268ec8bcbe08c8f4766dc3f9876917
Score 10/10
-
Matiex Main Payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-