General
-
Target
442977f31528f2db2745d7675e06d966606531e98851b4b981da008f8901ebb8
-
Size
218KB
-
Sample
220502-npjn6aaad9
-
MD5
18906e19c1cc0222c5506e3bc78d890d
-
SHA1
004ed5a826927ae58c35c35265f15aba2dc78770
-
SHA256
442977f31528f2db2745d7675e06d966606531e98851b4b981da008f8901ebb8
-
SHA512
b36495930dcd194645599ed265555a8c8ebea20875f4403477f8bdd8d241ba630b938ebb205f9f9c5c9d2126f4b74cb2b71eee0845086948bc3db84eecbf5e08
Static task
static1
Behavioral task
behavioral1
Sample
0908000009h090000.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
0908000009h090000.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
matiex
Protocol: smtp
Host: srvc13.turhost.com
Port: 587
Username: [email protected]
Password: italik2015
Targets
-
-
Target
0908000009h090000.exe
-
Size
577KB
-
MD5
40f119bd23e3dfe95c416a839da87142
-
SHA1
164cca839ad92c95b3ccbf75873c8d590ff29c89
-
SHA256
6fa65eef03e50dbaba9ba7729d7d5f4a24d9302c028ec1640db45d47096ab29d
-
SHA512
57b30e1242d22c4445b28762fa0e14577169d1e6863a989f0cea6a6affe01800ca9c0e6820ee0818bddd8cc4de58754986927be8d06badd7187069c0eafe33b1
Score
10/10
-
Matiex Main Payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-