General
Target: odT0zoYLJiNUQXd.exe
Size: 1.0MB
Sample: 210119-hq6h6mfhvs
MD5: d3e395135ceb5da670e0bbfd0b1a142b
SHA1: a108f551b8493de56146e9ce78fbbbf1ca1469af
SHA256: e906ee6485c777452c364eb7950b0553061565e9fa01dd56aed9097493c9af2b
SHA512: 0219d16b85619ce4a3006029e6c227c245386f009e5a5546f1cd3f1a1ae7a04780086a258c3c7e8a72a20532e9efd1de0c63a0f762fd095c9f51308ce46aff26
Static task: static1
Behavioral task: behavioral1
Sample: odT0zoYLJiNUQXd.exe
Resource: win7v20201028
Malware Config
Extracted (family: matiex)
Protocol: smtp
Host: smtp.privateemail.com
Port: 587
Username: click2resultpanel@midombo.com
Password: Nigerian99
Targets
- Matiex Main Payload
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext