General
Target: 2d6bdc4526934ff8ba05addc48061c18b6b4153f0d164f3a9fc88bcb63957334
Size: 1.1MB
Sample: 220614-x63m2adfe5
MD5: ef749ac5b73c61943d9447890bcb1ca6
SHA1: cf2336e5a6d51ee51c443c758c4dc1ce833dee85
SHA256: 2d6bdc4526934ff8ba05addc48061c18b6b4153f0d164f3a9fc88bcb63957334
SHA512: ecaccbc11f257e81c4261b1397162b9ab6374eba2f1503183a554c6b71b1aa0cc56d948850fba234d9eafa981a2b27ac75e0eb157be720e9b0ec1cdab44f130e
Static task: static1
Behavioral task: behavioral1
Sample: 2d6bdc4526934ff8ba05addc48061c18b6b4153f0d164f3a9fc88bcb63957334.exe
Resource: win7-20220414-en
Malware Config
Extracted family: matiex
Protocol: smtp
Host: mail.gschofield.com
Port: 587
Username: gschofield@gschofield.com
Password: gaston1955
Email To: managerjames001@outlook.com
Targets
Target: 2d6bdc4526934ff8ba05addc48061c18b6b4153f0d164f3a9fc88bcb63957334
Size: 1.1MB
MD5: ef749ac5b73c61943d9447890bcb1ca6
SHA1: cf2336e5a6d51ee51c443c758c4dc1ce833dee85
SHA256: 2d6bdc4526934ff8ba05addc48061c18b6b4153f0d164f3a9fc88bcb63957334
SHA512: ecaccbc11f257e81c4261b1397162b9ab6374eba2f1503183a554c6b71b1aa0cc56d948850fba234d9eafa981a2b27ac75e0eb157be720e9b0ec1cdab44f130e
Score: 10/10

Signatures
- Matiex Main Payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext