General

Target: Enijidjm.001
Size: 29KB
Sample: 220211-j9kpqseafr
MD5: 34f43688d7a1abe4f127f7c0ac9820b0
SHA1: 453c7d1d72802950c3b6700e90a346ca03ffd3f3
SHA256: 983790f3afb9aa0fb567435bb73750a94e66d134cf6dbc2566089af6d6c0ce34
SHA512: 6b4cb52fd98110023b4e8b5fdd7aaf23a04c4e926fad2165e23023a882ec6343e0e1b0f73ffae4219bb8ad3363165a6273406e670f341153f93e0acdc6f3ac79
Static task: static1

Behavioral task: behavioral1
  Sample: Enijidjm.exe
  Resource: win7-en-20211208

Behavioral task: behavioral2
  Sample: Enijidjm.exe
  Resource: win10v2004-en-20220113
Malware Config

Extracted
  Protocol: smtp
  Host: serv3.devmexico.com
  Port: 587
  Username: [email protected]
  Password: 3}l^pI#_4K_!

Extracted (matiex)
  Protocol: smtp
  Host: serv3.devmexico.com
  Port: 587
  Username: [email protected]
  Password: 3}l^pI#_4K_!
  Email To: [email protected]
Targets

Target: Enijidjm.exe
Size: 111KB
MD5: dda708bbd533046daf479fd123f75cda
SHA1: b8dc0fa033f434eafe46df7c0320676c866814cb
SHA256: f442097ffe0336d6712267088a4368aa539f51f7ea7d1e950da88c6a42f1b29e
SHA512: b6c983e27964446d6c8c3dcb6f03d0cbb957fd2c2cbe2888444372a4a3b69b22d3e9b3e401972aa5b365bc6b810dbffef9aa0aaeb50bf8e31f720f173b961e58
Score: 10/10

- Matiex Main Payload
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext