General
Target: 0b2da1d6b98306bf204f7c061976afe3d460af1da864c104bb1b6f9d0997fddb
Size: 182KB
Sample: 220521-nx65eshden
MD5: 51160c0247a5df44b36938610c2574ce
SHA1: 034c9a7f595b9206c7700cc01f91339c0f63f500
SHA256: 0b2da1d6b98306bf204f7c061976afe3d460af1da864c104bb1b6f9d0997fddb
SHA512: a45741335d8bcb58316824eba0171b31026f3f0f98a3f1fb8484ff9d1c165aaa54577dac499e7057a713de3a937b3999d3257f2566be715460e956cba76e9c17
Static task: static1
Behavioral task: behavioral1
Sample: R010982210.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: R010982210.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
matiex
Protocol: smtp
Host: mail.metauxsud.com
Port: 587
Username: euro@metauxsud.com
Password: hushpuppy2020
Email To: dollar@metauxsud.com
Targets
Target: R010982210.exe
Size: 534KB
MD5: 76954c7b00750983a2dc26ecd1dce1b7
SHA1: 9b783fe07d49991ec118d072621be2c42f9d8796
SHA256: c4b558efd2baee3e3b2e39a7b88da203d870857a8331b403b003643ab066b930
SHA512: fb04fad2d8466ee5c7e3e41588ca6915f05aba759c20aa802dc796ddba46b13db729abf7200a61bc5cca0ec2e97dde695f07653512d8fac797f2ee481a273266
Score: 10/10
- Matiex Main Payload
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext