General
Target: 2ff18076fa2fa3a34858fe3b080953dca64785744697b3466f55e7bbbcf9a689
Size: 336KB
Sample: 220521-bbxmmsefgp
MD5: 19b508c429abba1b8bb711864834801f
SHA1: 0f7786add8352321ec41de7501922a6e955cd310
SHA256: 2ff18076fa2fa3a34858fe3b080953dca64785744697b3466f55e7bbbcf9a689
SHA512: c76ec0b839fbdeed8a1fb143cbf07175ab342f3a959396edd7a35eb7032d9092952720aad29bff4dc40d68bfe4856fe4989d4aa099bff72f6bd031f3ba41e309
Static task: static1
Behavioral task: behavioral1
Sample: Quotation #257&439.exe
Resource: win7-20220414-en
Malware Config
Extracted family: matiex
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: beatexploit@yandex.com
Password: welcome@100
Targets
Target: Quotation #257&439.exe
Size: 376KB
MD5: 0ada92dbaeebf340360ac5b3dcf9a459
SHA1: 6c70fc7a6e3d08f39b5393341290658e8cbba591
SHA256: 302ef66c9868c12a36517bd2ee12254442b7504d17afdeabdc9264954e19a952
SHA512: 393fec311d35289126b268b64a249b07885bfa5eacc6d0db58a2e712b09a8b2b9262bba8435f60d460ecf4dde2ab345db5d514e9bb9d95ade30c439428c5ab4d
Signatures
- Matiex Main Payload
- Looks for VirtualBox Guest Additions in registry
- Looks for VMWare Tools registry key
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up the country code configured in the registry, likely used as a geofence.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext