General
Target: MV HONESTY.exe
Size: 752KB
Sample: 201201-hrpphsnxa6
MD5: 1e1ac5261cea25b229d5b12940d23c1b
SHA1: 7b85cd488844b3893ffa6031e9b5f470adbb07f1
SHA256: 354d8f2552b03d6c566580d1cddd01abe71a8932952465947e4d50969f7a1cb5
SHA512: 6c7ea7bdaef4bf0c57045e5a934281da7891186158c4ba1a3c342ea1cb303935c8d39b60f6e6b71c74d4bd3108599979dc252c97a9422e0d795edcb128bbe19f
Static task: static1
Behavioral task: behavioral1
Sample: MV HONESTY.exe
Resource: win7v20201028
Malware Config
Extracted (matiex)
Protocol: smtp
Host: valleycountysar.org
Port: 587
Username: south.lieutenant@valleycountysar.org
Password: &6q^?75To5Rw
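The following is an added example, not part of the sandbox report, that turns the extracted SMTP exfiltration settings and the file hashes above into two hunting checks: a hash comparison for suspected copies of the sample, and a scan of connection records for SMTP submission to the exfil host or for an AUTH LOGIN carrying the base64-encoded exfil mailbox username. The log line format, the internal IP addresses, and every host other than valleycountysar.org are constructed for the example; the indicator values themselves are copied from the report.

```python
"""Hunting checks built from the Matiex configuration extracted above."""
import base64
import hashlib
import re
from dataclasses import dataclass, field

# Indicators copied verbatim from the sandbox report.  The SMTP credential
# is the attacker's exfiltration mailbox: use the username as an indicator,
# never authenticate with it.
EXFIL_HOST = "valleycountysar.org"
EXFIL_PORT = 587
EXFIL_USER = "south.lieutenant@valleycountysar.org"
SAMPLE_HASHES = {
    "md5": "1e1ac5261cea25b229d5b12940d23c1b",
    "sha1": "7b85cd488844b3893ffa6031e9b5f470adbb07f1",
    "sha256": "354d8f2552b03d6c566580d1cddd01abe71a8932952465947e4d50969f7a1cb5",
    "sha512": "6c7ea7bdaef4bf0c57045e5a934281da7891186158c4ba1a3c342ea1cb303935"
              "c8d39b60f6e6b71c74d4bd3108599979dc252c97a9422e0d795edcb128bbe19f",
}

# SMTP AUTH LOGIN sends the username base64-encoded, so a cleartext capture
# (before STARTTLS) shows this string rather than the address itself.
EXFIL_USER_B64 = base64.b64encode(EXFIL_USER.encode()).decode()


def hash_matches(data: bytes) -> list[str]:
    """Return the algorithms for which `data` hashes to the reported sample."""
    return [alg for alg, digest in SAMPLE_HASHES.items()
            if getattr(hashlib, alg)(data).hexdigest() == digest]


@dataclass
class Hit:
    src: str
    dst: str
    reasons: list[str] = field(default_factory=list)


# Constructed log format for this example: "<timestamp> <src> -> <dst>:<port> <detail>".
FLOW_RE = re.compile(r"^(?P<ts>\S+) (?P<src>\S+) -> (?P<dst>\S+):(?P<port>\d+) (?P<detail>.*)$")


def hunt(log_lines: list[str]) -> list[Hit]:
    """Flag SMTP submission to the exfil host and any AUTH carrying its username."""
    hits = []
    for line in log_lines:
        m = FLOW_RE.match(line)
        if not m:
            continue
        reasons = []
        if m["dst"] == EXFIL_HOST and int(m["port"]) == EXFIL_PORT:
            reasons.append("submission to exfil host")
        if EXFIL_USER_B64 in m["detail"] or EXFIL_USER in m["detail"]:
            reasons.append("exfil mailbox username in AUTH")
        if reasons:
            hits.append(Hit(m["src"], m["dst"], reasons))
    return hits


# Constructed sample log (not from the report): a benign submission, the same
# host then reaching the exfil mailbox by name, and a second host reaching a
# bare IP with the same AUTH username (as after a DNS change on the attacker side).
SAMPLE_LOG = [
    "2020-12-01T10:00:01Z 10.0.0.15 -> mail.example.com:587 EHLO WIN-7PC",
    "2020-12-01T10:00:02Z 10.0.0.15 -> valleycountysar.org:587 EHLO WIN-7PC",
    f"2020-12-01T10:00:03Z 10.0.0.15 -> valleycountysar.org:587 AUTH LOGIN {EXFIL_USER_B64}",
    f"2020-12-01T10:00:09Z 10.0.0.22 -> 203.0.113.5:587 AUTH LOGIN {EXFIL_USER_B64}",
    "2020-12-01T10:00:10Z 10.0.0.22 -> ip-lookup.example.net:443 GET /",
]

if __name__ == "__main__":
    for hit in hunt(SAMPLE_LOG):
        print(f"{hit.src} -> {hit.dst}: {', '.join(hit.reasons)}")
    print("hash match:", hash_matches(b"not the sample") or "none")
```

Two caveats when applying this to real traffic. Once the client issues STARTTLS on port 587 the AUTH exchange is encrypted, so the username match only fires on plaintext submissions; the destination host and port (or a DNS query for the host) is the indicator that survives encryption. The report also shows only that the sample authenticates to this mailbox, not whether the domain is attacker-owned or a compromised legitimate account, so treat the host as an indicator for outbound SMTP submission rather than attributing the domain itself. The IP lookup service the sample contacts is not named in the report, so the example deliberately does not try to match it.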
Targets
Target: MV HONESTY.exe (752KB; MD5, SHA1, SHA256 and SHA512 as listed under General above)
Signatures
- Matiex Main Payload: the configuration extractor identified the sample as the Matiex commodity keylogger and recovered its SMTP exfiltration settings (see Malware Config above).
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP. On its own this is a weak indicator, since many benign programs do the same.
- Suspicious use of SetThreadContext: this API is flagged because it is a common step in process injection (a loader typically creates or suspends a thread, writes a new image into the process, then points the thread's context at the new entry point). The report records the call, not which injection technique, if any, the sample uses.