General
Target: OgI24G8ta2DV2tA.exe
Size: 664KB
Sample: 201218-z8fzl6lfyx
MD5: 8c647c5fa8f9a53350ef9e084e972bc1
SHA1: 5de934bfb8e69c2e15aac0a9d4195e5cb8b6e36c
SHA256: efed7937344ba48b8c75c280a6c61e848de83a45e3a22d03ed760e0aa25f104c
SHA512: edda06401e1f4e369b79ff22c47a7811274c22a90af8eb250d3939bb16e6f33ba64a9ef3e4f70623ed90acd76035c4f82d5a3200e0da837744ce5fff4f6ff9cc
Static task: static1
Behavioral task: behavioral1
Sample: OgI24G8ta2DV2tA.exe
Resource: win7v20201028
Malware Config
Extracted
matiex
Protocol: smtp
Host: mail.zavidovici.ba
Port: 587
Username: opcina.zavidovici@zavidovici.ba
Password: 12Opc21!
Targets
Target: OgI24G8ta2DV2tA.exe
Matiex Main Payload
Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext