General
-
Target
weg6tX6TTk78XZ5.exe
-
Size
1.1MB
-
Sample
210120-7en75t1ptn
-
MD5
ce11639e100ffbaaf01642df2947b9b1
-
SHA1
4d4974bd4ebe6a84c44528abd3ab77b82ee84271
-
SHA256
5f97fdcdf2c5d98b0183c91b0e070693ee0708721f4a5a7e270d752d7740111b
-
SHA512
87e93e6e0f80d4fded10cc89c2fd3b78bd3503aa27b60765e75a381197c07b6c609e269d354ddc429445bd0aa126d0cf1fa6013847a0c4a05d566af375a50ce1
Static task
static1
Behavioral task
behavioral1
Sample
weg6tX6TTk78XZ5.exe
Resource
win7v20201028
Malware Config
Extracted
Protocol: smtp- Host:
smtp.privateemail.com - Port:
587 - Username:
click2resultpanel@midombo.com - Password:
Nigerian99
Extracted
matiex
Protocol: smtp- Host:
smtp.privateemail.com - Port:
587 - Username:
click2resultpanel@midombo.com - Password:
Nigerian99
Targets
-
-
Target
weg6tX6TTk78XZ5.exe
-
Size
1.1MB
-
MD5
ce11639e100ffbaaf01642df2947b9b1
-
SHA1
4d4974bd4ebe6a84c44528abd3ab77b82ee84271
-
SHA256
5f97fdcdf2c5d98b0183c91b0e070693ee0708721f4a5a7e270d752d7740111b
-
SHA512
87e93e6e0f80d4fded10cc89c2fd3b78bd3503aa27b60765e75a381197c07b6c609e269d354ddc429445bd0aa126d0cf1fa6013847a0c4a05d566af375a50ce1
-
Matiex Main Payload
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-