General

Target: wCRnCAMZ3yT8BQ2.exe
Size: 938KB
Sample: 210112-shwkgn65vs
MD5: 2363f93331fc792ae9cb5750043bdc89
SHA1: 2fc0b7b4106a28ffe7f63f36ff64fe045e8f7daa
SHA256: 08c29dfa0ccb747751c5ff3ccde88f7f8a5a87152121f75f60a886b14e86bf00
SHA512: a4a47c39e03c22844725b51ffd56f3ae01e9095733e8442eaba1fcf0e3a0e1edb127a6bf4b5ab8063614829db27919dea5a0e62f9e7d320e625fc498a603ad3e
Static task: static1
Behavioral task: behavioral1
Sample: wCRnCAMZ3yT8BQ2.exe
Resource (analysis VM image): win7v20201028
Malware Config

Extracted family: matiex
Protocol: smtp
Host: smtp.privateemail.com
Port: 587
Username: sales01@seedwellresources.xyz
Password: MARYolanmauluogwo@ever

The extracted configuration is the stealer's exfiltration channel: the sample authenticates to this mailbox over SMTP submission (port 587) and mails the collected data to it. The host is a legitimate mail provider shared with ordinary users, so the account name and the sample hashes are the useful indicators; the hostname alone is a weak one.
Targets

Target: wCRnCAMZ3yT8BQ2.exe
Size: 938KB
- Matiex Main Payload
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP. Stealers typically include this address in the exfiltrated report to identify the victim; the report does not name the service queried.
- Suspicious use of SetThreadContext
  SetThreadContext rewrites a thread's register state. Injectors that use process hollowing or thread hijacking call it to point a suspended thread at code they have written into the process, which is why sandboxes flag it. The report records the call only; it does not identify the thread or process that was targeted.
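Detection logic for the indicators above, as an added example that is not part of the sandbox report and not the malware's code: it checks a file's digests against the report's hashes and runs a small rule set over constructed endpoint events to flag a process that resolves an IP-lookup service and then opens an SMTP submission to the report's exfiltration host. The event format, the allowlists of mail clients and browsers, and the list of IP-lookup hostnames are assumptions; the report does not state which service the sample queried.

```python
"""IOC matching for the Matiex sample in this report.

Added example, not code from the sandbox or from the malware. Hashes, the
SMTP host/port and the exfiltration account are copied from the report;
the event lines, the allowlists and the IP-lookup hostnames are constructed
assumptions for illustration.
"""
import hashlib
import re
from collections import defaultdict
from typing import Dict, List, Set, Tuple

# Indicators copied from the report.
SAMPLE_HASHES = {
    "md5": "2363f93331fc792ae9cb5750043bdc89",
    "sha1": "2fc0b7b4106a28ffe7f63f36ff64fe045e8f7daa",
    "sha256": "08c29dfa0ccb747751c5ff3ccde88f7f8a5a87152121f75f60a886b14e86bf00",
}
EXFIL_SMTP_HOST = "smtp.privateemail.com"
EXFIL_SMTP_PORT = 587
EXFIL_ACCOUNT = "sales01@seedwellresources.xyz"

# Assumptions for the example: the report does not say which IP-lookup service
# the sample used, nor which local processes may legitimately use these hosts.
IP_LOOKUP_HOSTS = {"api.ipify.org", "checkip.dyndns.org", "ip-api.com", "icanhazip.com"}
MAIL_CLIENTS = {"thunderbird.exe", "outlook.exe"}
BROWSERS = {"chrome.exe", "firefox.exe", "msedge.exe"}

# Constructed endpoint telemetry: one event per line, 'timestamp key=value ...'.
CONSTRUCTED_EVENTS = [
    r"2021-01-12T14:03:01Z type=dns image=C:\Users\victim\AppData\Roaming\wCRnCAMZ3yT8BQ2.exe query=api.ipify.org",
    r"2021-01-12T14:03:02Z type=conn image=C:\Users\victim\AppData\Roaming\wCRnCAMZ3yT8BQ2.exe dst=smtp.privateemail.com dport=587 proto=tcp",
    r"2021-01-12T14:05:10Z type=conn image=C:\Program Files\Mozilla Thunderbird\thunderbird.exe dst=smtp.privateemail.com dport=587 proto=tcp",
    r"2021-01-12T14:06:00Z type=dns image=C:\Windows\System32\svchost.exe query=time.windows.com",
]


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Digest a file's bytes with the three algorithms the report lists."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in SAMPLE_HASHES}


def is_known_sample(data: bytes) -> bool:
    """Match on SHA-256 only; MD5 and SHA-1 are listed for cross-referencing, not for trust."""
    return hash_bytes(data)["sha256"] == SAMPLE_HASHES["sha256"]


def parse_event(line: str) -> Dict[str, str]:
    """Split 'ts key=value ...' into a dict; values may contain spaces (image paths)."""
    ts, rest = line.split(" ", 1)
    fields = dict(re.findall(r"(\w+)=(.*?)(?=\s+\w+=|$)", rest))
    fields["ts"] = ts
    fields["exe"] = fields.get("image", "").rsplit("\\", 1)[-1].lower()
    return fields


def classify(ev: Dict[str, str]) -> List[str]:
    """Tag one event with the behaviours the report's signatures describe."""
    tags = []
    if ev.get("type") == "conn":
        to_exfil_host = (ev.get("dst", "").lower() == EXFIL_SMTP_HOST
                         and ev.get("dport") == str(EXFIL_SMTP_PORT))
        # The SMTP host is a legitimate provider: key on the process, not the host.
        if to_exfil_host and ev["exe"] not in MAIL_CLIENTS:
            tags.append("smtp_submission_from_unexpected_process")
    elif ev.get("type") == "dns":
        if ev.get("query", "").lower() in IP_LOOKUP_HOSTS and ev["exe"] not in BROWSERS:
            tags.append("external_ip_lookup")
    return tags


def scan(lines: List[str]) -> List[Tuple[str, str, str]]:
    """Return (timestamp, exe, tag) for every tagged event."""
    out = []
    for line in lines:
        ev = parse_event(line)
        out.extend((ev["ts"], ev["exe"], tag) for tag in classify(ev))
    return out


def correlate(findings: List[Tuple[str, str, str]]) -> Set[str]:
    """Processes showing both behaviours, i.e. the lookup-then-exfil chain of this sample."""
    seen = defaultdict(set)
    for _, exe, tag in findings:
        seen[exe].add(tag)
    needed = {"external_ip_lookup", "smtp_submission_from_unexpected_process"}
    return {exe for exe, tags in seen.items() if needed <= tags}


if __name__ == "__main__":
    hits = scan(CONSTRUCTED_EVENTS)
    for hit in hits:
        print(hit)
    print("lookup-then-exfil chain:", correlate(hits))
```

The rule deliberately does not block smtp.privateemail.com outright: in the constructed events the Thunderbird connection to the same host and port is legitimate and is left alone, while the sample's binary is flagged twice and then tied together by `correlate`. In real telemetry the same logic applies to Sysmon event ID 22 (DNS) and event ID 3 (network connection) records once they are mapped onto the field names used here.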