General
-
Target
687f82ebf8ec4f6228e56174d85062d2e3c3c12250aa7479b67810d5240148bf
-
Size
668KB
-
Sample
220508-ct3r2schc3
-
MD5
f52ca29e6654da78370289212d5117f9
-
SHA1
2d0d029673966c5c98ff836f9c1a65d3826e91e6
-
SHA256
687f82ebf8ec4f6228e56174d85062d2e3c3c12250aa7479b67810d5240148bf
-
SHA512
bb59acd8547fc69a19b9bd29a490b72ee248c8a57d5005b332cec45644f43cb4625f20099b2ac92b7cd0571bc350ad2c1513066b87afd15ea0121522d26169e9
Static task
static1
Behavioral task
behavioral1
Sample
687f82ebf8ec4f6228e56174d85062d2e3c3c12250aa7479b67810d5240148bf.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
687f82ebf8ec4f6228e56174d85062d2e3c3c12250aa7479b67810d5240148bf.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
matiex
Protocol: smtp- Host:
srvc13.turhost.com - Port:
587 - Username:
[email protected] - Password:
italik2015
Targets
-
-
Target
687f82ebf8ec4f6228e56174d85062d2e3c3c12250aa7479b67810d5240148bf
-
Size
668KB
-
MD5
f52ca29e6654da78370289212d5117f9
-
SHA1
2d0d029673966c5c98ff836f9c1a65d3826e91e6
-
SHA256
687f82ebf8ec4f6228e56174d85062d2e3c3c12250aa7479b67810d5240148bf
-
SHA512
bb59acd8547fc69a19b9bd29a490b72ee248c8a57d5005b332cec45644f43cb4625f20099b2ac92b7cd0571bc350ad2c1513066b87afd15ea0121522d26169e9
Score10/10-
Matiex Main Payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-