General
- Target: ae7df639d022f1b5c905da288b7b96ec.exe
- Size: 796KB
- Sample: 210106-58v9pn9pse
- MD5: ae7df639d022f1b5c905da288b7b96ec
- SHA1: 33ed97231b65d0c7388de55ff262f6c778b0e144
- SHA256: 5267ff61c4ea8ae53b6c1566e90464e062db1f16704d04c4d1f6653e0a3ccc95
- SHA512: f3272dff37fae2e28e05d06d8e39da8c7f4b6f0f80af57a3c84f225c6259580e3a0a7356cdd81d966d059946487b03d1ee417f91fda228720e46cf51e5c8b7b0
Static task: static1
Behavioral task: behavioral1
- Sample: ae7df639d022f1b5c905da288b7b96ec.exe
- Resource: win7v20201028
Malware Config
Extracted: matiex
- Protocol: smtp
- Host: mail.metauxsud.com
- Port: 587
- Username: mtoks@metauxsud.com
- Password: Tx$6#dMqO7up
Targets
- Target: ae7df639d022f1b5c905da288b7b96ec.exe (size and hashes as listed under General)
- Matiex Main Payload
- Deletes itself
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext