General
-
Target
a9bfd74205eaae0c0a3b4c5844f689e6.exe
-
Size
972KB
-
Sample
210103-9rbnjekl7e
-
MD5
a9bfd74205eaae0c0a3b4c5844f689e6
-
SHA1
26a4db56a5c263be29df916729bb98762a15c818
-
SHA256
109bcfbd83db3f1cd25ebb84bff09634dbd32ba6142c9091dea6298df5c57541
-
SHA512
007daaa815973fd15bf8f78ec35a6fcc62e041ea3bcf2c659839c355e506240bbed6404d16dfc5653a98ee5f7fe8d49be39dbd083b3ed6b5986b064713199eab
Static task
static1
Behavioral task
behavioral1
Sample
a9bfd74205eaae0c0a3b4c5844f689e6.exe
Resource
win7v20201028
Malware Config
Extracted
matiex
Protocol: smtp
Host: mail.zavidovici.ba
Port: 587
Username: opcina.zavidovici@zavidovici.ba
Password: 12Opc21!
Targets
-
Target
a9bfd74205eaae0c0a3b4c5844f689e6.exe
-
Matiex Main Payload
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-