General
Target: 9e9bd94fe6b1ed63cd9d5e3c21a2785fd411fc0b39be7c60f0ed55da1df2d828
Size: 333KB
Sample: 220520-2cfnmaabhp
MD5: 6200ebd2a6065218b0b8673e1e2899e5
SHA1: 7a5c9392772aa1b1690a824fe9e89fd683512074
SHA256: 9e9bd94fe6b1ed63cd9d5e3c21a2785fd411fc0b39be7c60f0ed55da1df2d828
SHA512: ed17c61283d73cc7b14abc1567000000487d9d00592afb19734772708f0b89cf1aa35e3bd9a59b05477d4be455eb0cf7ffa789f70422d112661c55521093883d
Static task: static1
Behavioral task: behavioral1
Sample: M0O09080O00.exe
Resource: win7-20220414-en
Malware Config
Extracted
matiex
Protocol: smtp
Host: srvc13.turhost.com
Port: 587
Username: info@bilgitekdagitim.com
Password: italik2015
Targets
Target: M0O09080O00.exe
Size: 417KB
MD5: a3ce2bb54fcff687892013553aba0e6d
SHA1: 7d47db86cc89248b24be0c0f32a32fdd9328ed02
SHA256: a83313423eb4ec63591766985452770fa671506b821b927dd015b9e919fcad11
SHA512: 7b094842c2ae12f732dc49465e5583a8b67ca0e0ace2082f25e1e704b936a417f0aa9a962aefc69cbe72ff7ba392395c73999094dc7e9e6670711affcfb807c6
Score: 10/10
Matiex Main Payload
Accesses Microsoft Outlook profiles
Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext