General

Target: 6df680b0ce18173aec143502e2a4e8fa219ebe4ac4f42c639e64ff8a1afdd129
Size: 260KB
Sample: 220520-3cjwqagfc4
MD5: 1feb87a1cde3b978bddc82f2bc762443
SHA1: 74d58f4c349e88f0337b99768b01ffd6de376df9
SHA256: 6df680b0ce18173aec143502e2a4e8fa219ebe4ac4f42c639e64ff8a1afdd129
SHA512: 660224269dde0511af3996a110835e6e00c170e767a922aef595a1f26f68a0183db3996ecad3ea703b779ebb529541aa8c791c4edec1f8a8eeb5f61b1f781f8f
Static task: static1

Behavioral task: behavioral1
  Sample: PO 6522301.PDF.exe
  Resource: win7-20220414-en

Behavioral task: behavioral2
  Sample: PO 6522301.PDF.exe
  Resource: win10v2004-20220414-en
Malware Config

Extracted: matiex (exfiltration over SMTP)
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: jjuvien@yandex.com
Password: GOOD123456
Targets

Target: PO 6522301.PDF.exe
Size: 299KB
MD5: dc1b2578f1fcbaaf4e9cbfc52586edc8
SHA1: fbb4747ba4a4fd8b83f2df8b41cfe85ae5662515
SHA256: f724bcf4c7048f177dcf17bd2b68822f75b9ff41957f026d7ceb6ff0082a25b0
SHA512: 4e5ed3f76457b617558f53872b89e907db65b6c8ff73b870489c84c1f763dd31282797ff3b865a47a514b89a18c1221a4ea62a8d3d89596987fe9e79c6b5a8a0
Score: 10/10

- Matiex Main Payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext: typically a process-injection indicator (redirecting a suspended thread to injected code, as in process hollowing).
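Two of the behaviours above are visible on the network: the external-IP lookup and the SMTP exfiltration to smtp.yandex.com on port 587 from the extracted config. The following is an added example (not part of the sandbox report or the Matiex sample) of detection logic run over Sysmon-style network-connection events. The log lines are constructed for the example; the list of IP-lookup services, the set of legitimate mail clients and the log line format are assumptions, since the report names neither the lookup service used nor the log source.

```python
"""Flag the stealer's network pattern: IP-lookup check-in followed by SMTP from a non-mail process."""
from __future__ import annotations

import ntpath
import re
from collections import defaultdict
from dataclasses import dataclass

# Public "what is my IP" services. The report does not name the one this
# sample queried, so this list is an assumption for the example.
IP_LOOKUP_HOSTS = {
    "api.ipify.org", "checkip.dyndns.org", "icanhazip.com",
    "ip-api.com", "ipinfo.io", "checkip.amazonaws.com",
}
# SMTP relay and submission ports; 587 is the one in the extracted config.
SMTP_PORTS = {25, 465, 587}
# Processes expected to speak SMTP on a workstation (assumption; tune per estate).
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}

# Sysmon-style "Network connection" lines, constructed for this example.
SAMPLE_LOG = """\
Image: C:\\Users\\victim\\Downloads\\PO 6522301.PDF.exe | DestinationHostname: api.ipify.org | DestinationPort: 443 | Protocol: tcp
Image: C:\\Program Files\\Microsoft Office\\root\\Office16\\OUTLOOK.EXE | DestinationHostname: smtp.office365.com | DestinationPort: 587 | Protocol: tcp
Image: C:\\Users\\victim\\Downloads\\PO 6522301.PDF.exe | DestinationHostname: smtp.yandex.com | DestinationPort: 587 | Protocol: tcp
Image: C:\\Windows\\System32\\svchost.exe | DestinationHostname: ctldl.windowsupdate.com | DestinationPort: 80 | Protocol: tcp
"""

LINE_RE = re.compile(
    r"Image: (?P<image>.+?) \| DestinationHostname: (?P<host>\S+) "
    r"\| DestinationPort: (?P<port>\d+) \| Protocol: (?P<proto>\w+)"
)


@dataclass(frozen=True)
class NetEvent:
    image: str   # lower-cased basename of the connecting process
    host: str
    port: int
    proto: str


def parse_events(log_text: str) -> list[NetEvent]:
    """Parse Sysmon-style network-connection lines; lines that do not match are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        events.append(NetEvent(
            image=ntpath.basename(m["image"]).lower(),
            host=m["host"].lower(),
            port=int(m["port"]),
            proto=m["proto"].lower(),
        ))
    return events


def classify(ev: NetEvent) -> set[str]:
    """Return the detection tags a single connection triggers (empty set if benign)."""
    tags = set()
    if ev.host in IP_LOOKUP_HOSTS:
        tags.add("ip_lookup")
    if ev.proto == "tcp" and ev.port in SMTP_PORTS and ev.image not in MAIL_CLIENTS:
        tags.add("smtp_from_non_mail_client")
    return tags


def detect(log_text: str) -> dict[str, set[str]]:
    """Aggregate detection tags per process image across the whole log."""
    findings: dict[str, set[str]] = defaultdict(set)
    for ev in parse_events(log_text):
        for tag in classify(ev):
            findings[ev.image].add(tag)
    return dict(findings)


def exfil_candidates(findings: dict[str, set[str]]) -> list[str]:
    """Images showing both behaviours: the stealer's check-in-then-exfil pattern."""
    return sorted(img for img, tags in findings.items()
                  if {"ip_lookup", "smtp_from_non_mail_client"} <= tags)


if __name__ == "__main__":
    result = detect(SAMPLE_LOG)
    for image, tags in sorted(result.items()):
        print(f"{image}: {', '.join(sorted(tags))}")
    print("exfil candidates:", exfil_candidates(result))
```

Either tag alone is noisy (inventory agents query IP-lookup services; admin scripts send mail), so the correlation in exfil_candidates is what turns the two report signatures into a usable alert: the same non-mail process both learning its public IP and opening an SMTP submission session.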