General
-
Target
e9295dd329dcc4a87a96772a910ba5d951f20bf5b4aad56dd2504eb10969fa88
-
Size
187KB
-
Sample
220520-3mc6xshbd8
-
MD5
46dbab73b6e0dfd141f7ddbb26f5dc41
-
SHA1
853e3406fa80583b6e424cfc66ea58911a4b7ec3
-
SHA256
e9295dd329dcc4a87a96772a910ba5d951f20bf5b4aad56dd2504eb10969fa88
-
SHA512
c0bd22461322b6915b56e71c0e7cb0f3ba8802c38eb74c4c5325241155ddf1cc6604de4d54f8c55b8758937853f2831c10c16af30dcacb3bf62dda7ad5de2603
Static task
static1
Behavioral task
behavioral1
Sample
M09080000000.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
M09080000000.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
matiex
Protocol: smtp
Host: srvc13.turhost.com
Port: 587
Username: info@bilgitekdagitim.com
Password: italik2015
Targets
-
Target
M09080000000.exe
-
Size
619KB
-
MD5
072c613d1f936ac409e59949503ab55e
-
SHA1
ed85d7ea0a061e9c971cc01ab47efad6028eef76
-
SHA256
90524b90bad8dd82b6b6aa41f4f98211dd5e6d0c9524e72a72e8a1e855b71689
-
SHA512
980517439fdcda8021053ec66a42203f9ec2f2be9e4a3490b120ed964454e74d3a0beea0e10c7f2a8bd2bda6cdbc45624efd5d317cd58fe170151436cb1e6048
Score
10/10
-
Matiex Main Payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-