General
Target: 2e89475048a3e00dcb772e4071a0fa53d8328de9c9c1ad6c45aa5307afe60867
Size: 431KB
Sample: 220520-3a2zhsgee8
MD5: bc023101f3e168fb5dd69e8631c30a47
SHA1: 1a8ec0d50c5a872beb664d3810d331e8fb99d919
SHA256: 2e89475048a3e00dcb772e4071a0fa53d8328de9c9c1ad6c45aa5307afe60867
SHA512: 3572cc9ab36adfa851e2317b4b8dc6dcbee0651a9869eac2835cce9eddf4a8f9710fbbe3b34ca65f6972d3dd0f638838bd3f6d9ef1308dcec01594a7a447efc2
Static task: static1
Behavioral task: behavioral1
Sample: ADHOC RFQ-97571784.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: ADHOC RFQ-97571784.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
Family: matiex
Protocol: smtp
Host: mail.ecg-ingenieria.mx
Port: 26
Username: cs50@ecg-ingenieria.mx
Password: cPDDp=?[5(?{
Targets
Target: ADHOC RFQ-97571784.exe
Size: 487KB
MD5: 500f8ec671a6240d2cce92f5b5bd7084
SHA1: b28a408da0bcd30853fac441195c34b7596b0a13
SHA256: 7f71a2ee2702cc9596589c5cb0ec16ec0a5db80266c2ffeabb299d19379641e6
SHA512: f179a9e3e03e04933d347d92549003edd86844a06242590c1f8269141b601314be96c2eeaec43cc97267d5a4a15cf03beb3816f775a8002f46b04d6e78d34ffa
Score: 10/10
Matiex Main Payload
Accesses Microsoft Outlook profiles
Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext