General
-
Target
0b09ec3596a13fa899e10cb15eab334ab0eb263b714ffcb3110ce24e1a1bdbda
-
Size
395KB
-
Sample
220520-rpvyzabagn
-
MD5
bdcd67f21c0ac5891d97a38afc29d98d
-
SHA1
3725b3bd35f829a82f8eb698e6beb61f4c7bd41f
-
SHA256
0b09ec3596a13fa899e10cb15eab334ab0eb263b714ffcb3110ce24e1a1bdbda
-
SHA512
a4b22f19c3f535530b93b4642b6885bf4c0a629df162e0ef3bad1c02631bd0f44abc14fd73736cfa5b8f1438881ceb48d953da9ffacbefc2560aeffda20d91b4
Static task
static1
Behavioral task
behavioral1
Sample
File.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
File.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
matiex
Protocol: smtp
Host: SMTP.gmail.com
Port: 587
Username: officialmarc54@gmail.com
Password: blessmelord
Targets
-
-
Target
File.exe
-
Size
693KB
-
MD5
c66a781c007bb89b164c49068e8a5d58
-
SHA1
fb6cef4cbcdb878b0b95a7fe0850832010d2f2e9
-
SHA256
f2c8e60f6dea2f01ded10eed11783cd5173650bbc6e14d8ec891f441fea26b42
-
SHA512
805e0cf784827848a5c1e60d2e9fe032cc4edf7b5677cf2f93ec21d8e499815fc16d8b1b70a29ae7e22481f6e2a5e354d5cffe969a435574431fad8ae998bd43
Score
10/10
-
Matiex Main Payload
-
Drops startup file
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-