General

Target: logo.exe
Size: 15KB
Sample: 201221-eeg6yra1m6
MD5: 27023178af9de77b8eaa31b33718ebf2
SHA1: f283cccb66e45da836c74059a559d5662cf340a5
SHA256: 7beab2868ef93af646071fd61c0ab535230c0f9972980e1bded8f49c9f5392ef
SHA512: 24bed02e97a2e4cd0cf620fd966d87a5e3877b43fa373ca1c932179c1e4b32bb0acb66ef59a82d30dfb892981f198e39ba94b3d74082bdf9a4eaf7a84d3358dd
Static task: static1

Behavioral task: behavioral1
Sample: logo.exe
Resource: win7v20201028

Behavioral task: behavioral2
Sample: logo.exe
Resource: win10v20201028
Malware Config

Extracted: matiex
Protocol: smtp
Host: smtp.privateemail.com
Port: 587
Username: sales01@seedwellresources.xyz
Password: MARYolanmauluogwo@ever
Targets

Target: logo.exe
Size: 15KB
Score: 10/10
- Matiex Main Payload
- Modifies WinLogon for persistence
- Drops startup file
- Adds Run key to start application
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext