General
-
Target
e23b7d13005a4ae030e856c7d6fcf8fa_JaffaCakes118
-
Size
664KB
-
Sample
240915-l6bnrsyflm
-
MD5
e23b7d13005a4ae030e856c7d6fcf8fa
-
SHA1
b86a0316911dd692cdd148fa172e7fe3148f8ea2
-
SHA256
4fa41c445c944ca1fe1c93b725ac3c5e0a677331234a03647f5751825cc9e528
-
SHA512
7fe8cb3ca96c114fe8e2b0fbdbe4fb45014e01f84d2e902e50a070d67197dd37520307e5e37a31fe81958b4180299b4e0dabfd5a86d99efc976842cd32201739
-
SSDEEP
12288:3J4F9agqLKMr87mOkJbB/HqChW6JhUr6Dx2XWtk+Q5VtxzMFwoGEdBmvOe:3eFg2Mr1OkJxqCTJhUr8xptk+Q5VtqSl
Static task
static1
Behavioral task
behavioral1
Sample
WAY-BILL.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
WAY-BILL.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
matiex
Protocol: smtp- Host:
ebop.website - Port:
587 - Username:
[email protected] - Password:
P@ssw0rdP@ssw0rd
Targets
-
-
Target
WAY-BILL.exe
-
Size
693KB
-
MD5
80ca7c023f86983b45096df0433a8966
-
SHA1
6333e753ee7549a668b7f048646244b4151a802f
-
SHA256
99a9f37b29dd440c803ea37c57a6acded495d4b49c165f66b3fbe8a427972799
-
SHA512
f4ff2d80babf175d9e10d63219fd870861eff8787b70e4adf69dd70621774956dacc7853e4acfa82d6fe9ae9bd38db6dd97dc96868b1151d93b5e84034eaccbb
-
SSDEEP
12288:RgQv+Ae5eBFlKGQUmhb3O7hTSLeBUU04V2dA+LELf88LO0jW7:OV5zUmh76cZU0E2dSvKP
-
Matiex Main payload
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-