General
- Target: 9975e7afa1b740087e674d0e8600e95c14fbe862a14b7188e709723d6123f732
- Size: 732KB
- Sample: 220502-1c3mqabfh3
- MD5: f0d0649e3ee59f959248f4535990ac5e
- SHA1: 8422a51c138dafd03f984682cb8fb63ea932bafa
- SHA256: 9975e7afa1b740087e674d0e8600e95c14fbe862a14b7188e709723d6123f732
- SHA512: fa54e190aafe09e838f43781635ac8da292f89653c5bd3d49b946967e4ba39b5b8a956e7e6777793d326e03654ca7c11295b92ab6627ef958511f21776a95b93
Static task: static1
Behavioral task: behavioral1
- Sample: Quotation 7339.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: Quotation 7339.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted: matiex
- Protocol: smtp
- Host: srvc13.turhost.com
- Port: 587
- Username: [email protected]
- Password: italik2015
Targets
- Target: Quotation 7339.exe
- Size: 3.6MB
- MD5: 830dcd49c9b23bf35d7d8bc6caf099a8
- SHA1: 8faecce6b954965528969fc946e7650865dbd763
- SHA256: 0ee6256edbcb97ace761a15d86ce3e3adc080364f752473dd941339060a4e4b2
- SHA512: d7f7ac208933fb7a7aa65524bc4c37c983b7b01e1b1b112f0b83749b9bbc915d1678add8fcce77279a8859c496d690a879a84d525f9e987170479566ba8d8ea5
Signatures
- Matiex Main Payload
- Modifies WinLogon for persistence
- Drops startup file
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext