General
-
Target
d8a2184f952bf70784f4fb038f3e38e755cdd7a550ade5b39143134fff251710
-
Size
383KB
-
Sample
220520-3qbghaccan
-
MD5
6d9e91cc4c8831067a8fe28c9565797d
-
SHA1
08a3c13a9182c0ec772a004107ab32d4bd547099
-
SHA256
d8a2184f952bf70784f4fb038f3e38e755cdd7a550ade5b39143134fff251710
-
SHA512
2609de9a2705b17ffee11eed91d0bec91e0010645013074571e703f87b8141ec25f2c7312a4ebef60292423ffe8cf6c3f3e9e897aaa885cf45a3b5af9ff8d8d4
Static task
static1
Behavioral task
behavioral1
Sample
Iterms.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
Iterms.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
matiex
Protocol: smtp- Host:
smtp.gmail.com - Port:
587 - Username:
Ifiiedwin21@gmail.com - Password:
@@@monday
Targets
-
-
Target
Iterms.exe
-
Size
545KB
-
MD5
b1266a94b7dd2553fd9b30c2dfb72ae4
-
SHA1
0cb3165a1741cf80812ae22cccafb1385fcf4324
-
SHA256
cf8207bd6ead9bcadcaaaad2940956f75d90a67daf6ddb8dc1907900645a5f69
-
SHA512
1272483192f36adac3dc5c5feeb0da27456842573e59feb0e36803a17498372ade9c824960c9e2d8368a802ec0208887e1692841f2f76a6220800e18e7eb44e6
Score10/10-
Matiex Main Payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-