General

Target: PROFORMA INVOICE.PDF......exe
Size: 567KB
Sample: 201224-hf18v74zta
MD5: a9ceffb0c01ef7b2d56aead65b433529
SHA1: d3577bc9782c8be92cf86a4ba1b7a9becf3ec1a9
SHA256: b353a8a7967d9d72d358e29044f725e3f359c5fc8aebd0dba84d13701ccfdfac
SHA512: 3dea0df1d7edf80f4d8edeb0755bfc488df7a5890e492a2adca99b145812fa3f3634696467bb7788b1ae61749f5045a4a4d19284c2120aa3bd9bffaa8ae342d3
Static task: static1
Behavioral task: behavioral1
Sample: PROFORMA INVOICE.PDF......exe
Resource: win7v20201028
Malware Config

Extracted (family: matiex; the same configuration was extracted twice with identical values)
Protocol: smtp
Host: smtp.serviciodecorreo.es
Port: 587
Username: aocejo@creditaria.com.mx
Password: Ronu6802
Targets

Target: PROFORMA INVOICE.PDF......exe
Signatures:
- Matiex Main Payload
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext (writing another thread's context is a common step in process injection and hollowing; the report does not say which process was targeted here)
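The report above gives three things a responder can act on straight away: the sample's hashes, the deceptive double-extension filename, and the hardcoded SMTP endpoint the Matiex payload uses to mail out stolen data. The following Python script is an added example, not part of the sandbox report or of any Triage tooling: it turns those indicators into checks that run over a dropped file and a host's connection log. The connection-log line format (`proc=... dst=... dport=...`), the sample file body and the list of document/executable extensions in the filename regex are constructed assumptions for illustration; the hashes, host, port and username are copied from the report.

```python
import hashlib
import re

# Indicators copied from the sandbox report above.
KNOWN_HASHES = {
    "md5": "a9ceffb0c01ef7b2d56aead65b433529",
    "sha1": "d3577bc9782c8be92cf86a4ba1b7a9becf3ec1a9",
    "sha256": "b353a8a7967d9d72d358e29044f725e3f359c5fc8aebd0dba84d13701ccfdfac",
}
EXFIL_HOST = "smtp.serviciodecorreo.es"
EXFIL_PORT = 587
EXFIL_USER = "aocejo@creditaria.com.mx"

# Decoy document extension, then dot/space padding, then a real executable
# extension, as in "PROFORMA INVOICE.PDF......exe". The extension lists are an
# assumption chosen for this example, not something the report states.
DECEPTIVE_NAME = re.compile(
    r"\.(pdf|docx?|xlsx?|txt)[.\s]+(exe|scr|com|pif|bat)$", re.IGNORECASE
)

# Assumed connection-log format (constructed for this example):
#   <timestamp> proc=<image name> dst=<host> dport=<port>
LOG_LINE = re.compile(r"proc=(?P<proc>.+?)\s+dst=(?P<dst>\S+)\s+dport=(?P<port>\d+)")


def hash_bytes(data: bytes) -> dict:
    """Return MD5/SHA1/SHA256 hex digests of a file body."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matches_known_sample(data: bytes, known: dict = KNOWN_HASHES) -> bool:
    """True if any digest of data equals the corresponding hash in known."""
    digests = hash_bytes(data)
    return any(digests[alg] == known.get(alg) for alg in digests)


def is_deceptive_filename(name: str) -> bool:
    """Flag names that hide an executable behind a document extension."""
    return DECEPTIVE_NAME.search(name) is not None


def find_exfil_connections(lines) -> list:
    """Return (process, host, port) for connections to the report's SMTP endpoint."""
    hits = []
    for line in lines:
        m = LOG_LINE.search(line)
        if not m:
            continue
        if m["dst"].lower() == EXFIL_HOST and int(m["port"]) == EXFIL_PORT:
            hits.append((m["proc"], m["dst"], int(m["port"])))
    return hits


def triage(filename: str, data: bytes, log_lines) -> list:
    """Collect findings for one dropped file plus its host's connection log."""
    findings = []
    if matches_known_sample(data):
        findings.append("hash matches the Matiex sample in the report")
    if is_deceptive_filename(filename):
        findings.append("deceptive double extension: " + filename)
    for proc, host, port in find_exfil_connections(log_lines):
        findings.append(f"{proc} connected to {host}:{port} (Matiex SMTP exfil endpoint)")
    return findings


# Constructed sample input (not from the report): a stand-in file body and three
# connection-log lines. The body is not the real sample, so its hashes will not
# match; only the filename and network checks fire on this input.
SAMPLE_FILE = b"MZ\x90\x00stand-in body, not the real sample"
SAMPLE_LOG = [
    "2020-12-24T10:01:02Z proc=PROFORMA INVOICE.PDF......exe dst=smtp.serviciodecorreo.es dport=587",
    "2020-12-24T10:01:05Z proc=outlook.exe dst=smtp.office365.com dport=587",
    "2020-12-24T10:01:09Z proc=PROFORMA INVOICE.PDF......exe dst=smtp.serviciodecorreo.es dport=25",
]

if __name__ == "__main__":
    for finding in triage("PROFORMA INVOICE.PDF......exe", SAMPLE_FILE, SAMPLE_LOG):
        print(finding)
```

The hash check is the only high-confidence match; the filename and SMTP checks are heuristics and will also catch other samples that share the lure style or the same exfiltration mailbox, which is usually what you want when hunting across a fleet. The username in the config is the attacker's mailbox, not a victim account, so block or alert on the host/port pair rather than on the address alone.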