General

Target: ORDER PURCHASE.exe
Size: 784KB
Sample: 201201-rrewm9fxb2
MD5: 84a0462a34c489c8c98e88a788017f30
SHA1: e32e552ee9231ad2998658a25df9abd483b6dac9
SHA256: f016e53ada4cdc8efb3468fc036746b14fe0e594ca7749590045f30fde080f97
SHA512: 12ec6a019fc14d00873955b26c2af21529d81cf3b550d2f0ceb7acd36c9cfbcf87717b6f4fba4b0df1cc70fa70e20fbcbb38dc4a7c719d55648eca970c30fee5
Static task: static1
Behavioral task: behavioral1
Sample: ORDER PURCHASE.exe
Resource: win7v20201028
Malware Config

Extracted (family: matiex)
Protocol: smtp
Host: valleycountysar.org
Port: 587
Username: south.lieutenant@valleycountysar.org
Password: &6q^?75To5Rw
Targets

Target: ORDER PURCHASE.exe
- Matiex Main Payload
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext