General

Target: fd39401c01097b075ab3e5ea0e26cac9355bbc197cb15dd003fc1d1f1fc3babe
Size: 504KB
Sample: 220207-3twa3sagek
MD5: f0479d034c115632f971fc38504cb367
SHA1: c2de71115182aa3586ae2906ba93a729f1bb7d3c
SHA256: fd39401c01097b075ab3e5ea0e26cac9355bbc197cb15dd003fc1d1f1fc3babe
SHA512: a7e0db82eef7848e77fe323baacf910d5ee6d7dd4f6835dd458d71cc7d8ef7c2c2aef59772cf4678dbec35da96f172d4509ab7a19da71f52c971b1b070b029da
Static task: static1

Behavioral task: behavioral1
Sample: MOT-09800080000.exe
Resource: win7-en-20211208

Behavioral task: behavioral2
Sample: MOT-09800080000.exe
Resource: win10v2004-en-20220113
Malware Config

Extracted (family: matiex)
Protocol: smtp
Host: srvc13.turhost.com
Port: 587
Username: [email protected]
Password: italik2015
Targets

Target: MOT-09800080000.exe
Size: 525KB
MD5: bda2eaf80ab5ed6fd1128d4ae02e2f1b
SHA1: 12aa26befa0055398748ae12ae0d04f286c565cb
SHA256: ffcf5fb0cd579ec9b9ce49e2b1eafc62f89fdcb5d418e338cd6dab310a241a2d
SHA512: a34e9c827d29efe8dc44296ee3a1dbd2daa59594125372099d6f1219a455c6d5de934848ca098dee50d0f7dfe09ed1db0337b0f1d7063e94749b24dd4b616087
Score: 10/10

- Matiex Main Payload
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext