General
Target: sample-321929-136a6ad7a793382286ba689d1c351cf7.zip
Size: 879KB
Sample: 201205-hnwt92fel6
MD5: cdf88f0ada03ad17bdcb4310c80ab141
SHA1: 11f171aaa49d6d208fd409b0720fde44c7d5730e
SHA256: 7158c2ece09b5059a43e7609391eaa8cb4c9d383351f0129da5dea7fe1864580
SHA512: e1b9591b2a3399301f2e1fc5249e3eca9395476d2257246917d954cd4b54c386abea3a7eac4342903e4022d5c5492380ed1a3d3781ab3b263f67966c100de0c6
Static task: static1
Behavioral task: behavioral1
Sample: IRS NOTICE LETTER.exe
Resource: win7v20201028
Malware Config
Extracted: matiex
Protocol: smtp
Host: ckfashion.shop
Port: 26
Username: matiex@ckfashion.shop
Password: 123Mat+++
Targets
Target: IRS NOTICE LETTER.exe
Size: 1.1MB
MD5: 136a6ad7a793382286ba689d1c351cf7
SHA1: 4b290df02b03f0d59cadfcf8d68ea2ce8e66b32c
SHA256: 96428b7e2055ef7939a3ee5c4e694e2031848e26da110fd82eac33c4081564ee
SHA512: 014c7bf75c1ea0ff0fff73ed5dda0055fcde616a789f0d61945b903455189289ac936cdf87d41be538309e800786711454f69fb0cef79d52af4d38fe2e7b2317
- Matiex Main Payload
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext