General
-
Target
4a4f5c58a37ecb13eee6e0c49037006ae06bbd1486f6d8fbed8cc5060c226976
-
Size
528KB
-
Sample
220521-awnpssdhbr
-
MD5
8f733260c9547c1aaab9fa3885a4547a
-
SHA1
bbd867d5f97c77a769b2d964217df1bcdbcf636d
-
SHA256
4a4f5c58a37ecb13eee6e0c49037006ae06bbd1486f6d8fbed8cc5060c226976
-
SHA512
b443dfbf56dbd1a70ff70368bfc0e2311a6ab51a3b647ee728f5786839cb407c2ba6b3ef90cb55330fec4cdcbb8bd58c97860f72f34c1d016dbfbec19e76bb60
Static task
static1
Behavioral task
behavioral1
Sample
08000990800.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
08000990800.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
matiex
Protocol: smtp - Host: srvc13.turhost.com - Port: 587 - Username: info@bilgitekdagitim.com - Password: italik2015
Targets
-
Target
08000990800.exe
-
Size
808KB
-
MD5
f9b1140593e95614c357a719893ca50e
-
SHA1
57ed885f150f68d6e637dbc2d2add9bd0358d4a7
-
SHA256
20404bc0e463cc7474976cf7a83de3e892570bb0aae22d404259d2b157dc3ff9
-
SHA512
94953797415a305e1ed2954a11690b5c20f71a5cdfb9880be41c3547ec2049c26486d2b9eac0299d94705fcc6b7cd017ca986c4cad8f1984fc33d8d3a901aaa3
Score 10/10
-
Matiex Main Payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-