General
-
Target
3f444cc8ccb0bebbb6539b98d64e8fed19e2f7e6f950d18d63e9e8716012ccb7
-
Size
551KB
-
Sample
220419-pjrcgsbed7
-
MD5
3eb6593e42fb0f63c30f5215994074b1
-
SHA1
208c3a6c75b7b6b2f4a3ee93396b76cb9251896f
-
SHA256
3f444cc8ccb0bebbb6539b98d64e8fed19e2f7e6f950d18d63e9e8716012ccb7
-
SHA512
e853bace4a7532c4fe12c4ec6e9f45d668e9376c3b3ecbec739bc3db458f68697d7812771caad35f1f6e2b70eae0ddf10815e2bbc5ab4d7ed307a2db6d7f530d
Static task
static1
Behavioral task
behavioral1
Sample
3f444cc8ccb0bebbb6539b98d64e8fed19e2f7e6f950d18d63e9e8716012ccb7.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
3f444cc8ccb0bebbb6539b98d64e8fed19e2f7e6f950d18d63e9e8716012ccb7.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
matiex
Protocol: smtp
Host: srvc13.turhost.com
Port: 587
Username: [email protected]
Password: italik2015
Targets
-
-
Target
3f444cc8ccb0bebbb6539b98d64e8fed19e2f7e6f950d18d63e9e8716012ccb7
Score
10/10
-
Matiex Main Payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-