General
Target: 5db167e8cc20f6b5d34a37383cc5c9299a40624073be1f8ebab5420975a39313
Size: 260KB
Sample: 220414-pj88asbec7
MD5: c99a302039cf1d86ca16653df4d8ac1a
SHA1: 9f502a4c6f6cc9170199b8a19ae1f781e8116d5b
SHA256: 5db167e8cc20f6b5d34a37383cc5c9299a40624073be1f8ebab5420975a39313
SHA512: 8787289badb8af286812716e07838769078aff38728e45b12fd0bb9d2eb01f26fc9982b01dce225738e6165f7b17c4b00c6f039e78ae172a914a59899817a288
Static task: static1
Behavioral task: behavioral1
Sample: M097508E2-20F2-4C2C-879A.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: M097508E2-20F2-4C2C-879A.exe
Resource: win10v2004-20220331-en
Malware Config
Extracted
matiex
Protocol: smtp
Host: srvc13.turhost.com
Port: 587
Username: [email protected]
Password: italik2015
Targets
Target: M097508E2-20F2-4C2C-879A.exe
Size: 709KB
MD5: 13f08d08bbaa99bfd4cf481cf682bd7d
SHA1: 210fce69f4278eb3f9e2574eb1d3fd7febe8212c
SHA256: d32af58205d0773daf139d13738f918e03f4d30439086b6eda0dfceef3369b58
SHA512: 4483ba364a7525b2c8a6e2154a9d166873aba8ea1fa717c06aa90db7c1d540e317425cc33c254fbf41cd26cad2eb196c093b86d5c3e0c9c6fed358795d357330
Score: 10/10
Matiex Main Payload
Accesses Microsoft Outlook profiles
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext