General
Target: 7886d3b7f41a5caeff352a0e574e7c6dfcd89a6888f8860d8af873548b5b543e
Size: 1.7MB
Sample: 220520-2qnldsaghj
MD5: 95e054a70008196b02e2cfbe4480c3fe
SHA1: df020a171720378bc191e0f9e52a4a6884abdb42
SHA256: 7886d3b7f41a5caeff352a0e574e7c6dfcd89a6888f8860d8af873548b5b543e
SHA512: 47007d6d421bd6655e2b2d75e4c76b10b0779930e9efdcba3536c254cc67b9ace888f39b69e98c778ad259df08c10dc2b3f79889866d775909d3fb2a7cc92d04
Static task: static1
Behavioral task: behavioral1
Sample: 7605122309.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: 7605122309.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: matiex
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: baso.elcx@yandex.com
Password: HYF76io83%$6***
Targets
Target: 7605122309.exe
Size: 1.1MB
MD5: ad19d31c1acf47a74573444337f81c1c
SHA1: 9e51312eba1d12c9b141700d50db9349f349620b
SHA256: 630bb247d9c8f85f918a274ef04c5c5df8347176444b9e0222b68648ca999ccb
SHA512: 50b196e5b092d2c5e21099aaf59687472b0d1d7c06a75204f08fd75a5d2180a7deaf705de7022c7b6d06da3022b104b932530360b60a25accc87bd71fb18a720
Signatures
Matiex Main Payload
Executes dropped EXE
Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
Loads dropped DLL
Accesses Microsoft Outlook profiles
Adds Run key to start application
Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext