General
Target: ad7d59a82d1db83b449bbfb5c742a222b5c5dcc6f3da2c8565cb424de591eedc
Size: 569KB
Sample: 220520-3z8tcshgh2
MD5: 1a0af4446d3872478bfc2e515dfb3222
SHA1: 89929f69a85c6d1310ed863c300412d3b9b62696
SHA256: ad7d59a82d1db83b449bbfb5c742a222b5c5dcc6f3da2c8565cb424de591eedc
SHA512: 702cf7fa17a8e833334bc2be24b4e27d4820dcf6f2dcf066bf4f6952679af9abf2e8915e870321834bb7e64d88b61e106cf4563a5323e84e44e865af29df8415
Static task: static1
Behavioral task: behavioral1
Sample: PO#09080008000.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: PO#09080008000.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: matiex
Protocol: smtp
Host: srvc13.turhost.com
Port: 587
Username: info@bilgitekdagitim.com
Password: italik2015
Targets
Target: PO#09080008000.exe
Size: 831KB
MD5: 29497bf02bfafca47057eea606eb60d9
SHA1: d19439ed3827755112dbda621176d58f03b3230e
SHA256: 371725e1a26fa24986c1579484d80df93180f9fed75bf1a822e04141aa84c767
SHA512: 462ec0992ddeca7470860696c4a8d5012f0cb6f66e2fb1f9e4a28f234f258236a2980735c66d3e3ff81e807039f190b77cf6875ec0587bbbbebc3d7d7849e4c6
Score: 10/10
- Matiex Main Payload
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext