General
Target: Tax Invoices IN102738 IN102739 IN102740.exe
Size: 934KB
Sample: 201229-8b7s5l3sxa
MD5: 30db124ff404f295e6828615ceffd149
SHA1: 9a36a1df328103d28eba4bdb4eb7fce4241e41a3
SHA256: 13da94ec76f6fd3fba14bbaca306ee7fd26fe8ddd40858d63f639a97d3807226
SHA512: 50333e3a99fe70ad3ce42eaec9b678eac525bf38b7847755367e7eecab4a9f4deadbbf6a59bda2e022bd060e0e7b97de60cd6dd228a204f3567b90f907b6c917
Static task: static1
Behavioral task: behavioral1
Sample: Tax Invoices IN102738 IN102739 IN102740.exe
Resource: win7v20201028
Malware Config
Extracted
Family: matiex
Protocol: smtp
Host: mail.zavidovici.ba
Port: 587
Username: opcina.zavidovici@zavidovici.ba
Password: 12Opc21!
Targets
Target: Tax Invoices IN102738 IN102739 IN102740.exe
Matiex Main Payload

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.

Suspicious use of SetThreadContext