General
Target: b007118d018e0a31516f487bad361ee2d815ad3dc452220abe8a8a14da08a338
Size: 550KB
Sample: 220511-rfw5nscbdn
MD5: 6d0c349b72dd37e9823d2a81f2113304
SHA1: cd737b92b9d1168f7394fb67919ebfc6fe24220a
SHA256: b007118d018e0a31516f487bad361ee2d815ad3dc452220abe8a8a14da08a338
SHA512: 0c465d4a502c75be2f2c812535e1938670cdef7850731be67718e05ccd5d49a88575ec67b07bd356f3da2a2d26ce27f00a2225694965a00769f61282a73cb3c6
Static task: static1
Behavioral task: behavioral1
Sample: b007118d018e0a31516f487bad361ee2d815ad3dc452220abe8a8a14da08a338.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: b007118d018e0a31516f487bad361ee2d815ad3dc452220abe8a8a14da08a338.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
matiex
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: [email protected]
Password: Thankgod180
Targets
Target: b007118d018e0a31516f487bad361ee2d815ad3dc452220abe8a8a14da08a338
Score: 10/10
- Matiex Main Payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext