General
Target: fed370383e77e064d4e38c1bc8d454a5e51bed5a5281d7b7fa2b549f756c3814
Size: 365KB
Sample: 220520-3g7hksbghp
MD5: 884e34cbff0bf552961b06ebb0764e27
SHA1: 1dc281b62cba553aff05a38c4e8702e0ea6aeb02
SHA256: fed370383e77e064d4e38c1bc8d454a5e51bed5a5281d7b7fa2b549f756c3814
SHA512: 3c07a5159e93e27b250db69195993213b4383b87a2eb0f991a78a7017f7b1432736a1d9f9f8a8c50652bea23f4acfa72bd82210b5b85b8769afd299aca0f0e88
Static task: static1
Behavioral task: behavioral1
Sample: Purchase Order 251177.pdf.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: Purchase Order 251177.pdf.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: matiex
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: [email protected]
Password: GOOD123456
Targets
Target: Purchase Order 251177.pdf.exe
Size: 620KB
MD5: de2cb62deae3547dc782d3229b4bdd52
SHA1: ed48de586e986ec9cc8eef85c04b735872cb1af8
SHA256: 798757b5cf663c8a4f19074ad76705d66ed8295a4b66d44ee418971391c00c2d
SHA512: c44fa8b9161ba539e6f2fe265641883005ac5b8372bd3a9fdabe60b75374cdf8049ed7d9e75b2283be5654b55887ceb95246f696e6abfa41217f4710da25aaeb
Score: 10/10
- Matiex Main Payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext