General
- Target: ad5de4499961e24a515b9fdbe6e51d84535983ba6c68ac5d2ceb4708662b5ee8
- Size: 518KB
- Sample: 220511-c8wx2seab8
- MD5: bcab9a4b6d4d884d692b0f42b9c71f9a
- SHA1: 156d66188b34e795099a6c5ff6dd56ec25cac3fc
- SHA256: ad5de4499961e24a515b9fdbe6e51d84535983ba6c68ac5d2ceb4708662b5ee8
- SHA512: 8995683354dd4adf765a55a906b837a5c34e8b51cdbfc3981881e19116e1765cbdb75ea623ee822b7d7a18078058e784fd223174bdc28f7ea37675cb589b0537
Tasks
- Static task: static1
- Behavioral task: behavioral1
- Sample: ad5de4499961e24a515b9fdbe6e51d84535983ba6c68ac5d2ceb4708662b5ee8.exe
- Resource: win7-20220414-en
Malware Config
Extracted: matiex
- Protocol: smtp
- Host: srvc13.turhost.com
- Port: 587
- Username: [email protected]
- Password: italik2015
Targets
- Target: ad5de4499961e24a515b9fdbe6e51d84535983ba6c68ac5d2ceb4708662b5ee8
- Size: 518KB
Signatures
- Matiex Main Payload
- Looks for VirtualBox Guest Additions in registry
- Looks for VMware Tools registry key
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext