General
-
Target
ab1a2739a4592069e79419ade33a167d.exe
-
Size
576KB
-
Sample
221229-x9h3sshb91
-
MD5
ab1a2739a4592069e79419ade33a167d
-
SHA1
8ce904d93207c9fec1052095d9319bf2697eca29
-
SHA256
c56e1cb494b6e10bfa87e5e7fef8a6ba8665888851ba9a0414fd3b54eba14959
-
SHA512
2d78c8794963f7f332720e1c3f21c1690afebf276293af5366189be328c2aec9e994142c209925f2430f4c5f6cc3b870839170d8922f8998529fbc5db1fe3438
-
SSDEEP
12288:aCe8LxGQ7MRSRAsDYeQBWlWc4b70eU06zTwjZ++R5Mi6/ZVgCp0TLAXZo:aN88Q7aQjDYLWlhW7JUyZ++R5PyZ5pc5
Static task
static1
Behavioral task
behavioral1
Sample
ab1a2739a4592069e79419ade33a167d.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
ab1a2739a4592069e79419ade33a167d.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
matiex
Protocol: smtp
Host: srvc13.turhost.com
Port: 587
Username: [email protected]
Password: italik2015
Targets
-
-
Target
ab1a2739a4592069e79419ade33a167d.exe
Score: 10/10
-
Matiex Main payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-