General
Target: 465a6743b9a2d17e33f7651bcffff32afdac0cb000885a691ea2aaec54305433
Size: 728KB
Sample: 220521-bvwvfsfegp
MD5: 7346a2df65da5e40015040d16db71da6
SHA1: 0198961179578fa86cf69f57dd94555b579f08bd
SHA256: 465a6743b9a2d17e33f7651bcffff32afdac0cb000885a691ea2aaec54305433
SHA512: e16f21ad39e00c8d96b5525ab1b2d316ecfc832a392098415f77453efef17fead249eac32e7ddeef566cc1fbdc94c49fdc339d5e39030568c8bbf6b0b91b1960
Static task: static1
Behavioral task: behavioral1
Sample: T.HALK BANKASI A.S. 31..07.2020 - 04.08.2020 Hesap Ekstresi.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: T.HALK BANKASI A.S. 31..07.2020 - 04.08.2020 Hesap Ekstresi.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
matiex
Protocol: smtp
Host: srvc13.turhost.com
Port: 587
Username: info@bilgitekdagitim.com
Password: italik2015
Targets
Target: T.HALK BANKASI A.S. 31..07.2020 - 04.08.2020 Hesap Ekstresi.exe
Size: 1023KB
MD5: e1f4f160517e085442d10fc35b0dfb23
SHA1: bf32b3506630ee1865961febbd44ac6c8581e549
SHA256: d1f8714f2ba5d192baddc1b4e254b49b538c8527419d2250b4d33730629d148e
SHA512: a2843f01d9ff2f050b1b362122a9bdf822ce53396ba416ed057c7ae848f5a143d6f36c9cb6d8418b00ce751518aa41b1429fd46fdcb618ae195d3c935d724809
Score: 10/10
Matiex Main Payload
Accesses Microsoft Outlook profiles
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext