General
- Target: 2021 NEW LIST.exe
- Size: 951KB
- Sample: 210120-twk2xrq5v6
- MD5: 0e23d8747ee8389cd5efdcf703ffc520
- SHA1: 1eef4df1079c5a328473c9bef8db9a1b7eb1b518
- SHA256: 0bd4a6df9d752c54589dca027df07822dc2595fa1a73a48be50e7f4e5e7116fe
- SHA512: 912247043ec09456aa74fb7af66be27db5a48b83fcc73c36c0740a15538bb52262a7478c902fa52db53a9433124f8de601fa058f9e35e9b3a31976e418bde50b
Static task: static1
Behavioral task: behavioral1
- Sample: 2021 NEW LIST.exe
- Resource: win7v20201028
Malware Config
Extracted: matiex
- Protocol: smtp
- Host: mail.gschofield.com
- Port: 587
- Username: gschofield@gschofield.com
- Password: gaston1955
This is the SMTP account Matiex uses to mail captured data (keystrokes, credentials, screenshots) off the infected host; the same configuration was recovered from both tasks.
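The extracted SMTP configuration is the most durable indicator in this report, since a repacked sample changes every file hash but usually keeps the same drop account. The following is an added example, not part of the sandbox report: it parses the report's flattened "Key: value - Key: value" config line into a dict, matches file hashes against the report's values, and flags outbound connections to the configured host and port in a constructed key=value firewall log. The log lines and their field names (src, dst, dport) are assumptions made for the demonstration.

```python
"""Turn the sandbox report's extracted Matiex SMTP config into hunting logic.

Added example, not code from the sandbox report. The firewall log lines below
are constructed for the demonstration; their key=value field names are assumed.
"""
import re
from typing import List, Optional

# Indicators copied from the report above.
SAMPLE_HASHES = {
    "md5": "0e23d8747ee8389cd5efdcf703ffc520",
    "sha1": "1eef4df1079c5a328473c9bef8db9a1b7eb1b518",
    "sha256": "0bd4a6df9d752c54589dca027df07822dc2595fa1a73a48be50e7f4e5e7116fe",
}

# The config exactly as the report flattens it (note the lost space in "smtp- Host").
RAW_CONFIG = ("Protocol: smtp- Host: mail.gschofield.com - Port: 587 - "
              "Username: gschofield@gschofield.com - Password: gaston1955")

# "Key: value" pairs separated by " - "; the lookahead stops a value at the next key.
FIELD_RE = re.compile(r"(\w+):\s*(.*?)(?=\s*-\s*\w+:|$)")


def parse_config(raw: str) -> dict:
    """Split a flattened 'Key: value - Key: value' line into a lower-case-keyed dict."""
    return {k.lower(): v.strip() for k, v in FIELD_RE.findall(raw)}


def known_bad_hash(digest: str) -> Optional[str]:
    """Return the algorithm name if digest equals one of the report's hashes, else None."""
    d = digest.strip().lower()
    for algo, value in SAMPLE_HASHES.items():
        if d == value:
            return algo
    return None


def is_exfil_connection(line: str, cfg: dict) -> bool:
    """True if a key=value firewall line shows traffic to the configured SMTP drop.

    Host and port are checked together: port 587 alone is ordinary submission
    traffic, and the host alone may also serve legitimate mailboxes.
    """
    host = re.search(r"\bdst=(\S+)", line)
    port = re.search(r"\bdport=(\d+)", line)
    if not host or not port:
        return False
    return host.group(1).lower() == cfg["host"].lower() and port.group(1) == cfg["port"]


def hunt(log_lines: List[str], cfg: dict) -> List[str]:
    """Return the log lines that match the exfiltration host and port."""
    return [line for line in log_lines if is_exfil_connection(line, cfg)]


# Constructed firewall log (not from the report): one benign mail submission,
# one connection to the drop host on a different port, one real match.
SAMPLE_LOG = [
    "2021-01-20T10:15:02Z action=allow src=10.0.0.5 dst=smtp.office365.com dport=587 proto=tcp",
    "2021-01-20T10:15:09Z action=allow src=10.0.0.5 dst=mail.gschofield.com dport=25 proto=tcp",
    "2021-01-20T10:15:11Z action=allow src=10.0.0.5 dst=mail.gschofield.com dport=587 proto=tcp",
]

if __name__ == "__main__":
    cfg = parse_config(RAW_CONFIG)
    print("parsed config:", {k: v for k, v in cfg.items() if k != "password"})
    for hit in hunt(SAMPLE_LOG, cfg):
        print("possible Matiex exfiltration:", hit)
    print("hash check:", known_bad_hash("0E23D8747EE8389CD5EFDCF703FFC520"))
```

Blocking or alerting on the host/port pair rather than the file hashes survives repacking; if the drop mailbox is also used legitimately by the organisation, add the sending host or process to the match so that normal mail from the account holder is not flagged.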
Targets
- Target: 2021 NEW LIST.exe
- Size: 951KB
- MD5: 0e23d8747ee8389cd5efdcf703ffc520
- SHA1: 1eef4df1079c5a328473c9bef8db9a1b7eb1b518
- SHA256: 0bd4a6df9d752c54589dca027df07822dc2595fa1a73a48be50e7f4e5e7116fe
- SHA512: 912247043ec09456aa74fb7af66be27db5a48b83fcc73c36c0740a15538bb52262a7478c902fa52db53a9433124f8de601fa058f9e35e9b3a31976e418bde50b
- Matiex Main Payload
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP, which the stealer typically includes in its exfiltrated report to identify the victim.
- Suspicious use of SetThreadContext: SetThreadContext rewrites another thread's register state, including its instruction pointer, and is a standard step in process hollowing and similar code-injection techniques; the report does not identify the target process.