General
-
Target
bc31fc4bea86c69967c99b00e5e465c27c4712fcc2a7ea737a1d449185e84a28
-
Size
199KB
-
Sample
220502-m3y6bshfa3
-
MD5
56936382515bb9c6fe8c9c555ada7ec4
-
SHA1
23190f3616ed41932ad6330f7fbc8b398fd75c83
-
SHA256
bc31fc4bea86c69967c99b00e5e465c27c4712fcc2a7ea737a1d449185e84a28
-
SHA512
334b0318b4716a02bba8af1115053dc8229d0838d2a816c4f8f4867741dd64e1ec6f6d043251bc1ada4e72ddaf358d4378731b9b88e62971169cc75fa1bba688
Static task
static1
Behavioral task
behavioral1
Sample
004797508E2-20F2-4C2C-879A-1C358609BA01d.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
004797508E2-20F2-4C2C-879A-1C358609BA01d.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
matiex
Protocol: smtp
Host: srvc13.turhost.com
Port: 587
Username: [email protected]
Password: italik2015
Targets
Target
004797508E2-20F2-4C2C-879A-1C358609BA01d.exe
-
Size
545KB
-
MD5
77622db39954d9de5f409d926e2291f4
-
SHA1
ee96a88632770b165839da16b83210a091ca5ccb
-
SHA256
4a40496f800e2a11c1e2a12176d062b59fe536f18fb236f98e66231448aaa2e8
-
SHA512
a1ce28d8f6f3005b679f6969f512aac8d6e3e0e21b632763094fc679b62ef67e7e6b50de111c48bb2293d995559744c1cc771a11445572084a2bfa18f34cd188
Score
10/10
-
Matiex Main Payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext