General

Target: NUEVO PEDIDO # 090800.exe
Size: 674KB
Sample: 201218-ahy6ntp5ma
MD5: f170d5d99523ac1d57c916950a3847b1
SHA1: 8c38ea1c210aef8841507e439d1dfa53f8c1dbd3
SHA256: a0b8949542ca26f2f52c82dcb6444016913b2485828fdb166d37cf3942614f14
SHA512: 2cb5ba12fa89f37b6adeef26c294d565362618755e3d022525cd67fbc31e68399b8e9a43b95263c3d6f5df44c1d1a5c2a81256ecd572a5b006c71a937ee9ebae
Static task: static1
Behavioral task: behavioral1
Sample: NUEVO PEDIDO # 090800.exe
Resource: win7v20201028
Malware Config

Extracted: matiex
Protocol: smtp
Host: mail.zavidovici.ba
Port: 587
Username: opcina.zavidovici@zavidovici.ba
Password: 12Opc21!

These are the stealer's exfiltration settings: captured data is sent as mail through the submission port (587) of the listed host, authenticating with the listed account. The mailbox is almost certainly a compromised third-party account rather than attacker-owned infrastructure, so the useful indicators for defenders are the host, port and SMTP AUTH username seen in outbound traffic, and the account owner should be notified.
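One way to turn the extracted config into a retrospective check, added here as an example and not part of the sandbox report: the script below scans a simplified, Zeek-like tab-separated SMTP log for sessions that reach the exfiltration host, the configured port, or the configured SMTP AUTH username, and lists the internal hosts involved. The log rows, the `Hit` type and the function names are constructed for this example; only the host, port and username come from the report.

```python
import csv
import io
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Indicators taken from the Matiex config extracted on this page.
EXFIL_HOST = "mail.zavidovici.ba"
EXFIL_PORT = 587
EXFIL_USER = "opcina.zavidovici@zavidovici.ba"

# Constructed sample log (not output of the sandbox run). Columns loosely follow a
# Zeek smtp.log: ts, id.orig_h, id.resp_h, id.resp_p, helo, user. Row 1 is a full
# match, row 3 reaches the exfil host on port 25 without AUTH, the rest are benign.
SAMPLE_SMTP_LOG = """\
ts\tid.orig_h\tid.resp_h\tid.resp_p\thelo\tuser
1608282062.1\t10.0.0.15\tmail.zavidovici.ba\t587\tDESKTOP-7K2\topcina.zavidovici@zavidovici.ba
1608282130.4\t10.0.0.22\tsmtp.office365.com\t587\tLAPTOP-9Q\talice@example.com
1608282224.9\t10.0.0.15\tmail.zavidovici.ba\t25\tDESKTOP-7K2\t-
1608282301.0\t10.0.0.31\tsmtp.gmail.com\t465\tWS-44\tbob@example.com
"""


@dataclass(frozen=True)
class Hit:
    """One SMTP session that matched at least one indicator."""
    src_ip: str
    dst_host: str
    dst_port: int
    reasons: Tuple[str, ...]


def classify_row(row: dict) -> Optional[Hit]:
    """Return a Hit for a log row that touches any of the extracted indicators."""
    reasons = []
    dst_host = row["id.resp_h"].strip().lower()
    dst_port = int(row["id.resp_p"])
    user = row["user"].strip().lower()

    if dst_host == EXFIL_HOST:
        reasons.append("destination host matches Matiex exfil host")
        if dst_port == EXFIL_PORT:
            reasons.append("destination port matches extracted config (587)")
    if user == EXFIL_USER:
        reasons.append("SMTP AUTH user matches extracted config")

    if not reasons:
        return None
    return Hit(row["id.orig_h"], dst_host, dst_port, tuple(reasons))


def find_exfil_hits(log_text: str) -> List[Hit]:
    """Scan a tab-separated log with a header row and collect matching sessions."""
    reader = csv.DictReader(io.StringIO(log_text), delimiter="\t")
    return [hit for hit in (classify_row(row) for row in reader) if hit is not None]


def infected_hosts(log_text: str) -> List[str]:
    """Internal source addresses that contacted the exfil channel, deduplicated."""
    return sorted({hit.src_ip for hit in find_exfil_hits(log_text)})


if __name__ == "__main__":
    for hit in find_exfil_hits(SAMPLE_SMTP_LOG):
        print(f"{hit.src_ip} -> {hit.dst_host}:{hit.dst_port}")
        for reason in hit.reasons:
            print(f"    {reason}")
    print("hosts to triage:", infected_hosts(SAMPLE_SMTP_LOG))
```

Matching on the host alone, independent of port, is deliberate: a later build of the stealer can be reconfigured to another port or to plain SMTP, while the mailbox it abuses tends to stay the same until the owner resets the password.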
Targets

Target: NUEVO PEDIDO # 090800.exe (674KB; hashes as listed under General)

Signatures:
- Matiex Main Payload
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP, which the stealer includes in its exfiltrated reports.
- Suspicious use of SetThreadContext: the sample modifies the thread context of a process it created in a suspended state, the call pattern used by process hollowing and thread hijacking to redirect execution into injected code.