General
- Target: PURCHASE ORDER.exe
- Size: 433KB
- Sample: 201204-cb8v1vlkfs
- MD5: 56994b189459a7148e79d20ab2c151de
- SHA1: ad9283b5a63449a1b936ad2244f4b0a8212669c1
- SHA256: 7903de079aab061a08e026f1aab15f7c5009bf805630c53d7a3eb1da403b7ac9
- SHA512: e630afc3876a7f37f366f01ffdfd9c9e6f5d3c0fee046c00622de75192c174264505c224f516b541af03fa4f42f1d71fb60c3fced0bbc8e64f508455d27a4ce1
Static task: static1
Behavioral task: behavioral1
- Sample: PURCHASE ORDER.exe
- Resource: win7v20201028
Malware Config
Extracted (family: matiex)
- Protocol: smtp
- Host: valleycountysar.org
- Port: 587
- Username: south.lieutenant@valleycountysar.org
- Password: &6q^?75To5Rw
Targets
- Target: PURCHASE ORDER.exe (size and hashes as listed under General)
- Signatures:
  - Matiex Main Payload
  - Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
  - Suspicious use of SetThreadContext