General
-
Target
588dc1b105e5255e0185036768f5201bed501cfa6a273721b5ab52807739ff74
-
Size
218KB
-
Sample
220502-nph3maegen
-
MD5
03ac649737e97213c52437f7ad331e01
-
SHA1
781085a42dd85eb3788ca5e6d38d4bb3868b1449
-
SHA256
588dc1b105e5255e0185036768f5201bed501cfa6a273721b5ab52807739ff74
-
SHA512
71bd97911d9cbdded5c6852b0cd206c5b76339a090291f9f8bda3283ca0b25782239ba1e88996a21b78e5fbde0e87c3e1f8e9036c0119e9aa6d2dfed7f0faa87
Static task
static1
Behavioral task
behavioral1
Sample
0900009090000.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
0900009090000.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
matiex
Protocol: smtp
Host: srvc13.turhost.com
Port: 587
Username: [email protected]
Password: italik2015
Targets
-
Target
0900009090000.exe
-
Size
577KB
-
MD5
a543084b74043d3373fe007ecf2924af
-
SHA1
0b06349a0f26179f6e5e43181e4d248ee8bab127
-
SHA256
6989ffe534c2303d7fcc4f5f8b81515a3d30a53ecb395a935bc46391de88b023
-
SHA512
57af1f424d02c4ba8f66a011b007b559e5cca570d8c3d630415b993544d2caddd9de3fe9ecec4d626142fca884512913ef6c9665b754e6b4a586d70852293a83
Score
10/10
-
Matiex Main Payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext