General
-
Target
7f5764844ab366849a5c4dc0c5b6af4fce6b96b1f8411a8b6e4484a418aaf1d7
-
Size
201KB
-
Sample
220502-m94z6aeeal
-
MD5
eca4790af75d4e727b47c93f37642cbd
-
SHA1
1a719a0864b00ca16207d391d91c7c1461c6af59
-
SHA256
7f5764844ab366849a5c4dc0c5b6af4fce6b96b1f8411a8b6e4484a418aaf1d7
-
SHA512
d9e24a132b61737fbfe72fee8710718cb342481e590fd7f55ac5cb6ae3c7e104842535ad39a00479084c855cb5814228187204d03c5548fb9b95da4ff8bf24a8
Static task
static1
Behavioral task
behavioral1
Sample
DEKONT.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
DEKONT.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
matiex
Protocol: smtp
Host: srvc13.turhost.com
Port: 587
Username: [email protected]
Password: italik2015
Targets
-
-
Target
DEKONT.exe
-
Size
554KB
-
MD5
b68bd92478369e4dcd776b77326fa66b
-
SHA1
41b039e8d555c0b0b04d172b6509859b8e32c878
-
SHA256
16fda49dd0a5b3c520619c1f5e88723cd2fe0c92b9cc2946416b2e29a1ccdfff
-
SHA512
f216b9c25cdd054fcde7ed0038ab56a1a0952a65eee3b12cf41406a1908a7012683f8303981cad959bf904212cf8440b618fc39fd22275879eece52f45a111de
Score
10/10
-
Matiex Main Payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-