General
Target: 6d63ce63a5e3739b672cee98df82016b785931edd059568123d6dc4f0676ed48
Size: 547KB
Sample: 220520-2fwt1sfcc9
MD5: 463a6246797ffb03ba873b7ec7529c14
SHA1: 7c669a1e5b230a2f175e3e7e76f9473626279586
SHA256: 6d63ce63a5e3739b672cee98df82016b785931edd059568123d6dc4f0676ed48
SHA512: 67da2b28da264b2f5c9655da7c1cd6e6c37e8ccda65853fbdbd783a7686881c4cb0147746e9f7689541ab05089ccf22a804f0144cc3e4507b872a652b68a0c56
Static task: static1
Behavioral task: behavioral1
Sample: ADHOC RFQ-97571784.exe
Resource: win7-20220414-en
Malware Config
Extracted: matiex
Protocol: smtp
Host: mail.ecg-ingenieria.mx
Port: 26
Username: k1@ecg-ingenieria.mx
Password: l,0lw1B3YNrK
Targets
Target: ADHOC RFQ-97571784.exe
Size: 752KB
MD5: 3b6a5dff660d98b9bf28fcd5d405f730
SHA1: ff5edd294f28d909cdc7bda80d2c9cdb217684f0
SHA256: 3cb6e41efa5dff6ef7957b9ae07c6b47f2ec35bc88889424d83ca3e96bcf3922
SHA512: 3b031fbbbd6921659bd8ca68e50870128cb9e938552b72386c70a7288bf6b03a655da514f033f89d8a461019f8b54deb79a4a6c162989a052bdee81b5273fcee

Signatures
Matiex Main Payload
Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext