General
Target: M0890068899998.exe
Size: 539KB
Sample: 201218-lxlk3nhyys
MD5: 89a16b7a33c0399e5622950068007d4f
SHA1: d7e609b5629b33f663f21ba0e5540ae66ae097c4
SHA256: bf60e55ec0adb6a2be7a8009c201aecbb074beecd22458bf19ff12f5d5acbb9b
SHA512: a634eb6f8fe5772f7e79e3c4927477ac398ec6b8c5836b8f5a7b89f732fb16c61b60a4528a3cd28a14b2e4d13d2a7bc8d6890ffa59604f17a4f0f756545b8038
Static task: static1
Behavioral task: behavioral1
Sample: M0890068899998.exe
Resource: win7v20201028
Malware Config
Extracted
matiex
Protocol: smtp
Host: mail.zavidovici.ba
Port: 587
Username: opcina.zavidovici@zavidovici.ba
Password: 12Opc21!
Targets
Target: M0890068899998.exe
- Matiex Main Payload
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext