General
Target: 1fc8d11f8a504ef9c49b97bab892efdc45b6540458db3ad14f083f8ec19062a9
Size: 484KB
Sample: 220521-ncakqagefj
MD5: 8f90968f6fa3e361e2e5f2a20eb9d5a2
SHA1: e69d27c7aa06cbba547173dc06b1dc680f53c26a
SHA256: 1fc8d11f8a504ef9c49b97bab892efdc45b6540458db3ad14f083f8ec19062a9
SHA512: b6bae911742bf915953804164547124bd783dd236660e70e8373aa86b50bd9a28f032e0ee99fd2d4c1cfd37645e055b55ec3789e26ac9605f3af20d5a12d573c
Static task: static1
Behavioral task: behavioral1
Sample: 1XrdOdPqR6jBVMu.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: 1XrdOdPqR6jBVMu.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: matiex
Protocol: smtp
Host: kin.hosting-mexico.net
Port: 26
Username: rm@timbradompresarial.com
Password: VN=m3-pILg4f
Targets
Target: 1XrdOdPqR6jBVMu.exe
Size: 507KB
MD5: e5a4d65f4234001c405be18760073317
SHA1: 9aaf994aa6cee464fde60749d9a1aba698199b41
SHA256: 021f4846815c6c2c0fcd2a808054c52c0569526bd4fb049b47ceb061e822d354
SHA512: 27892695e298ac1be6f982b97be4a9da56ed31031c3cb83d8e98815d1676442672aa3626a8a14782e638fa988a96dcb3229c72356374f7193fc8ee7469fdcc69
Score: 10/10
- Matiex Main Payload
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext