General
- Target: Mj1eX5GWJxDRnuk.exe
- Size: 801KB
- Sample: 210111-6z4tpg4gqs
- MD5: 0a15abc755513fa5540383224e716007
- SHA1: 977b99a636046d643c056f241db30dd07c92edf5
- SHA256: 7cea033f51a991529c382fa2e8f87b84c4d096610dc5d191b005e5db6bbd7581
- SHA512: 9a564caafecde53867d1b7e7af97ec2690fdb5dbf744be436e8126c2dd0973c5c5e818ac6d300fe89f399df2e07850ceadc489d4356e7521aee115ac02d4944e
Static task: static1
Behavioral task: behavioral1
- Sample: Mj1eX5GWJxDRnuk.exe
- Resource: win7v20201028
Malware Config
Extracted: matiex
- Protocol: smtp
- Host: smtp.privateemail.com
- Port: 587
- Username: sales01@seedwellresources.xyz
- Password: MARYolanmauluogwo@ever
Targets
- Target: Mj1eX5GWJxDRnuk.exe
- Matiex Main Payload
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext