General

Target: NKP210102-NIT-SC2.exe
Size: 897KB
Sample: 210112-wpedtewpxx
MD5: 65b5174a50b047604c2aed66369a4a88
SHA1: 853e75392f379c6d9f655c53c881c45287ab2f6b
SHA256: 8d8c5013933443f1f3e20db22a1abd56815cdd61b866f7953e032678f5e3d049
SHA512: 04e5a3e89538fc8a7b83773f52a9424da327f7fc2709e2f64f977056078e9bee87fc9ebd29619607a63b8844d084f093aa8da7d223eb97154bdb8137312b0d0e
Static task: static1

Behavioral task: behavioral1
Sample: NKP210102-NIT-SC2.exe
Resource: win7v20201028
Malware Config

Extracted (family: matiex)
Protocol: smtp
Host: mail.revistaeducar.com.ar
Port: 25
Username: [email protected]
Password: somchai#3774
Targets

Target: NKP210102-NIT-SC2.exe (897KB; hashes as listed under General above)
Signatures:
- Matiex Main Payload
- Drops startup file
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext