General
- Target: 5772340cf31a79bda48233f83129000e1251729177d89f673c78a03611d478ce
- Size: 494KB
- Sample: 220511-c4nqwadgf7
- MD5: 1b877b7ef603ff7b253dec28404d1a39
- SHA1: b5e184b39159b9a7c05993e8aaa3fd405bf5b27a
- SHA256: 5772340cf31a79bda48233f83129000e1251729177d89f673c78a03611d478ce
- SHA512: 0eae1eceb638fc3df6d8a9a23ef1b69f4ae2ab49aa11496fb8a5261045704bf76e58ccc1a4e9e2dc1f50dc98d1ae582de6f37366432e558fab0b0ebb0f3961fd
- Static task: static1
- Behavioral task: behavioral1
- Sample: 5772340cf31a79bda48233f83129000e1251729177d89f673c78a03611d478ce.exe
- Resource: win7-20220414-en
Malware Config
Extracted: matiex
- Protocol: smtp
- Host: srvc13.turhost.com
- Port: 587
- Username: [email protected]
- Password: italik2015
Targets
- Matiex Main Payload
- Looks for VirtualBox Guest Additions in registry
- Looks for VMWare Tools registry key
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext