General
Target: Payment Notification.exe
Size: 1.0MB
Sample: 210114-bchnyt3frs
MD5: 22d61a1e0f48b05fec1a4cf9da160b16
SHA1: 68826094caeffc43d24ddf0d2ad1c6ed5e961272
SHA256: 78f08071af81517d374179110b8018fce8d6670abd110ab76fdf811a08761ad4
SHA512: 760c4b4b9fdc3fca93129a0bc973e27bbe8e9d696baae51509a70dc8a8f0fc1ad8a1fa5801c9f21cacfea66bc728de1102f868d1a348fde1350f42d337d2df5d
Static task: static1
Behavioral task: behavioral1
Sample: Payment Notification.exe
Resource: win7v20201028
Malware Config
Extracted (family: matiex)
Protocol: smtp
Host: mail.revistaeducar.com.ar
Port: 25
Username: smtp-1a2c5@revistaeducar.com.ar
Password: somchai#3774
Targets
Target: Payment Notification.exe
Size: 1.0MB
MD5: 22d61a1e0f48b05fec1a4cf9da160b16
SHA1: 68826094caeffc43d24ddf0d2ad1c6ed5e961272
SHA256: 78f08071af81517d374179110b8018fce8d6670abd110ab76fdf811a08761ad4
SHA512: 760c4b4b9fdc3fca93129a0bc973e27bbe8e9d696baae51509a70dc8a8f0fc1ad8a1fa5801c9f21cacfea66bc728de1102f868d1a348fde1350f42d337d2df5d
- Matiex Main Payload
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext