General
Target
4e564e13f79bc378255788e6bcbdd537b66606130b6a74224b308e5ea1a713c9
Size
869KB
Sample
220708-jhrnzaffdq
MD5
e71172701771cb05509683b9fb7a2d6d
SHA1
a415cee6194ddae8f11be7adca1b184d10d1c662
SHA256
4e564e13f79bc378255788e6bcbdd537b66606130b6a74224b308e5ea1a713c9
SHA512
eadeb137db3166a1de3ebac1f66daab696222c156b801f949913ef19254eb2372be840dfe5527f4ca5e086d06108e5c5515393ac68fdda11f449310512ab6090
Static task
static1
Behavioral task
behavioral1
Sample
4e564e13f79bc378255788e6bcbdd537b66606130b6a74224b308e5ea1a713c9.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
4e564e13f79bc378255788e6bcbdd537b66606130b6a74224b308e5ea1a713c9.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
matiex
Protocol: smtp
Host: srvc13.turhost.com
Port: 587
Username: info@bilgitekdagitim.com
Password: italik2015
Targets
Target
4e564e13f79bc378255788e6bcbdd537b66606130b6a74224b308e5ea1a713c9
Score: 10/10
- Matiex Main payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext