General
Target: New Order.exe
Size: 639KB
Sample: 210125-pzjmdlb4h2
MD5: cfbd31988f29e73136639cb2348eb634
SHA1: 6597d7de6b4377d15482f8ac236363c7775439d4
SHA256: 7986c14ae93e53bf4616d1c6ccdcc6e882974fb190892d9e597d22d36622d9d8
SHA512: 4665ad7c6223429e7cdb6e4c4b3f18a23f8fade93de5b8dceddf75bb327ea84e8708f5f37b4362cd05c6e1f9dd85242d307c9c9c83cc7dbfb28dcdef8d3fa3a2
Static task: static1
Behavioral task: behavioral1
Sample: New Order.exe
Resource: win7v20201028
Malware Config
Extracted
Family: matiex
Protocol: smtp
Host: mail.cleo2solutions.com.au
Port: 25
Username: [email protected]
Password: Enter@123
Targets
Target: New Order.exe
Size: 639KB
Hashes: same MD5, SHA1, SHA256 and SHA512 as listed under General
Matiex Main Payload
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext