General
Target: 2d4c000be3c4793450b66bb80510f8d73c2894c0c1182bb29041428277ce3096
Size: 612KB
Sample: 220221-25xgvabea7
MD5: 9a0589957f0ee7825d9c6e25da6bff4d
SHA1: bc74d51c60f778066263eac0dffdf2252c543a92
SHA256: 2d4c000be3c4793450b66bb80510f8d73c2894c0c1182bb29041428277ce3096
SHA512: 4c9f7e3829bc14e57382344b8660b5fb3cd35c2552e9651b6ebd53784354c3e043132d36c29c4b13cf32ae5ff614033fa2c50ae0630e66bb55af7e1bbfaea25e
Static task: static1
Behavioral task: behavioral1 (Sample: NKP210102-NIT-SC2.exe, Resource: win7-en-20211208)
Behavioral task: behavioral2 (Sample: NKP210102-NIT-SC2.exe, Resource: win10v2004-en-20220112)
Malware Config
Extracted: matiex
Protocol: smtp
Host: mail.revistaeducar.com.ar
Port: 25
Username: [email protected]
Password: somchai#3774
Targets
Target: NKP210102-NIT-SC2.exe
Size: 897KB
MD5: 65b5174a50b047604c2aed66369a4a88
SHA1: 853e75392f379c6d9f655c53c881c45287ab2f6b
SHA256: 8d8c5013933443f1f3e20db22a1abd56815cdd61b866f7953e032678f5e3d049
SHA512: 04e5a3e89538fc8a7b83773f52a9424da327f7fc2709e2f64f977056078e9bee87fc9ebd29619607a63b8844d084f093aa8da7d223eb97154bdb8137312b0d0e
Note: this executable (897KB) is not the 612KB file hashed under General; the hashes above identify the analysed executable, the hashes under General identify the submission that carried it.
Score: 10/10
- Matiex Main Payload
- Drops startup file (persistence: a file written to the Startup folder is launched at every logon)
- Accesses Microsoft Outlook profiles (reads the registry hive where Outlook stores account profiles, consistent with mail credential theft)
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext (redirecting a thread's execution in another process is the classic step of process hollowing / code injection)
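The signatures above are what the sandbox reports for this sample. The following is an added example, not part of this report or of any sandbox's code, showing how the same behaviours, plus the SMTP exfil host from the extracted config, can be expressed as triage rules over a process trace. The event schema (flat dicts keyed by "op"), the constructed sample trace, the list of public IP lookup services and the per-rule weights are all assumptions for this demonstration; the weights are not the sandbox's scoring.

```python
"""Triage rules for the Matiex behaviours listed in the report above.

Added example. The event schema is a hypothetical, simplified trace
format; SAMPLE_TRACE is constructed for this demo.
"""
import re

# IOC taken from the report's extracted Matiex config.
SMTP_EXFIL_HOST = "mail.revistaeducar.com.ar"
SMTP_EXFIL_PORT = 25

# Assumption: well-known public "what is my IP" services. The report
# does not name which one this sample queried.
IP_LOOKUP_HOSTS = {
    "api.ipify.org", "checkip.dyndns.org", "icanhazip.com",
    "ifconfig.me", "checkip.amazonaws.com",
}

STARTUP_DIR = re.compile(r"\\Start Menu\\Programs\\Startup\\", re.I)
RUN_KEY = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
OUTLOOK_PROFILES = re.compile(
    r"\\(Office\\\d+\.\d+\\Outlook|Windows Messaging Subsystem)\\Profiles", re.I)


def drops_startup_file(ev):
    """Persistence: a file lands in the Startup folder or a Run key is set."""
    if ev["op"] == "file_write":
        return bool(STARTUP_DIR.search(ev["path"]))
    if ev["op"] == "reg_set":
        return bool(RUN_KEY.search(ev["key"]))
    return False


def accesses_outlook_profiles(ev):
    """Credential theft: reads the registry keys where Outlook keeps profiles."""
    return ev["op"] in ("reg_query", "reg_enum") and bool(
        OUTLOOK_PROFILES.search(ev["key"]))


def looks_up_external_ip(ev):
    """Recon: DNS or HTTP to a public IP lookup service."""
    return ev["op"] in ("dns", "http") and ev["host"].lower() in IP_LOOKUP_HOSTS


def suspicious_set_thread_context(ev):
    """SetThreadContext on a thread of *another* process is the injection /
    process-hollowing step; on the caller's own thread it is benign."""
    return (ev["op"] == "api" and ev["name"] == "SetThreadContext"
            and ev["pid"] != ev["target_pid"])


def smtp_exfil_to_config_host(ev):
    """Direct hit on the exfil host and port from the extracted config."""
    return (ev["op"] == "connect"
            and ev["host"].lower() == SMTP_EXFIL_HOST
            and ev["port"] == SMTP_EXFIL_PORT)


# (signature name, rule, weight) -- weights are this example's own choice.
RULES = [
    ("Drops startup file", drops_startup_file, 2),
    ("Accesses Microsoft Outlook profiles", accesses_outlook_profiles, 3),
    ("Looks up external IP address via web service", looks_up_external_ip, 1),
    ("Suspicious use of SetThreadContext", suspicious_set_thread_context, 3),
    ("Matiex SMTP exfil host", smtp_exfil_to_config_host, 5),
]


def triage(events):
    """Run every rule over the trace; return fired signatures, the matching
    events as evidence, and a score capped at 10."""
    evidence = {}
    for name, rule, _weight in RULES:
        matched = [ev for ev in events if rule(ev)]
        if matched:
            evidence[name] = matched
    score = min(10, sum(w for name, _r, w in RULES if name in evidence))
    return {"signatures": list(evidence), "score": score, "evidence": evidence}


# Constructed sample trace (not real sandbox output); file name, pids and
# registry version are placeholders.
SAMPLE_TRACE = [
    {"op": "file_write",
     "path": r"C:\Users\victim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dropped.exe"},
    {"op": "reg_query",
     "key": r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook"},
    {"op": "dns", "host": "api.ipify.org"},
    {"op": "api", "name": "SetThreadContext", "pid": 1234, "target_pid": 5678},
    {"op": "api", "name": "SetThreadContext", "pid": 1234, "target_pid": 1234},
    {"op": "connect", "host": "mail.revistaeducar.com.ar", "port": 25},
    {"op": "connect", "host": "www.microsoft.com", "port": 443},
]

if __name__ == "__main__":
    result = triage(SAMPLE_TRACE)
    print("score:", result["score"])
    for sig in result["signatures"]:
        print("-", sig, f"({len(result['evidence'][sig])} event(s))")
```

The SetThreadContext rule is the one worth getting right: the API itself is legitimate, so the rule only fires when the target thread lives in a different process, which is why the second, self-directed call in the sample trace is ignored. The SMTP rule matches the extracted config exactly; in production you would also alert on any outbound port 25 from a user workstation, since that alone is unusual.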