General
Target: 09080000000000.exe
Size: 970KB
Sample: 201218-lgbjg6l1w2
MD5: 46f9027acba7b66daad89d5b2069ead3
SHA1: 775067f2b6d6e22aacac20bbd2bfd6ab736f561c
SHA256: 3ff77777962f0764a456202f41bb01679b9e7ed18a43d4f6743395207b8a13d6
SHA512: b48df6d4903245afeca4df88ae569449b8efb26e56a8fcac0d1407438fb787d89d7366ab71310aaac18d6408389bbfb276852b22b7003c3c6b969c5ddbb2869a
Static task: static1
Behavioral task: behavioral1
Sample: 09080000000000.exe
Resource: win7v20201028
Malware Config
Extracted
matiex
Protocol: smtp
Host: mail.zavidovici.ba
Port: 587
Username: opcina.zavidovici@zavidovici.ba
Password: 12Opc21!
Targets
Target: 09080000000000.exe
- Matiex Main Payload
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext