General
Target: cd8d944df4259af50a3fa6a148cf922ac579e2bc379ca85d554d33dbe62642f3
Size: 319KB
Sample: 220520-3syptacdak
MD5: 24648d6dbb665a6ca685c3e92c389981
SHA1: be5f5ec9954dd8f2e7f9b6e76317f20461c053b1
SHA256: cd8d944df4259af50a3fa6a148cf922ac579e2bc379ca85d554d33dbe62642f3
SHA512: 16041ee5f146a80327c25abf45d89dd9cfc35bc24dde31f63fafa40ef8af87172739bd377163c06a1a7b4926deee10ffeaf5b02bc0d2cd4a3f67396cc9903137
Static task: static1
Behavioral task: behavioral1
Sample: Purchase Order.pdf.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: Purchase Order.pdf.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: matiex
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: k4kuml@yandex.com
Password: GOOD123456
Targets
Target: Purchase Order.pdf.exe
Size: 361KB
MD5: 206f4433e9871eb640d993237c23933e
SHA1: c915f546298de42e3f5b7c1eb674dc4d0425df04
SHA256: 074c065bacbb7880ce7f0d4d2ef0794398bf9152beb9a59d6d7f096b6e94e44d
SHA512: 49f0cb6eac3be11aea716f7038e31626804734e41cf0ef5cd62e52af6297eba4046501cf01c42f97b2d247c2111f4d962ccc9ada4e1ba52ad8cc932eab7a735a
Score: 10/10
- Matiex Main Payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext