General
Target: 3667609f0c24ab6f0f752272d3912979fb5a589c0e067d09279947d5852adfd6
Size: 530KB
Sample: 220502-28scascaf9
MD5: a2fba1dec44bfa5b15766e018b35869c
SHA1: 98ebee7100c4453cb3bb517ef9e6d4d705e8d95c
SHA256: 3667609f0c24ab6f0f752272d3912979fb5a589c0e067d09279947d5852adfd6
SHA512: 96e8807fdbdc21ae805af0be829ec79089c2879ca979672090d94f9100b19d018a9915d5dc247c801df7a17f05ff066e65f798c957f8469d49d871c5242c987d
Static task: static1
Behavioral task: behavioral1
Sample: kart bilgisizzz.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: kart bilgisizzz.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
matiex
Protocol: smtp
Host: srvc13.turhost.com
Port: 587
Username: [email protected]
Password: italik2015
Targets
Target: kart bilgisizzz.exe
Size: 547KB
MD5: e403224181d35975467c43df34caaf3b
SHA1: e2af3fe3b2ff9ed604ea6ca40fc2a7e18fef7f64
SHA256: 4c56e5f1863de0fa8fa4f2104de8d14a695eaa7e61158a71aeabef051cc025b1
SHA512: 59bd3516ff72ba7b990e7d8b1b6951d3f07d8aa2958a7957642c91e2fc19191d577247849eb925bb6f20e6da4575175364d8304e2c49eca0a876a74f5249e392
Score: 10/10
Matiex Main Payload
Accesses Microsoft Outlook profiles
Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext