General
- Target: Revised Invoice.exe
- Size: 579KB
- Sample: 210121-plarklpf82
- MD5: cbfb94a41abae103511d729b00687c7a
- SHA1: f491f44fbbaafb97275cc90ecaa37926534a6151
- SHA256: b9d37ce3380de623e8225b466fcd061db7f7828a2e39deace159e5c7f3455015
- SHA512: 77bfe24a4b0dcc0badcf0b33fd1da5335fadf0e366db4411b0ca130fecefa288006c06cf5bf363edd1b038619e1f8654e0e88020c454e4b0399d906c17128a59
Static task: static1
Behavioral task: behavioral1
- Sample: Revised Invoice.exe
- Resource: win7v20201028
Malware Config
Extracted (family: matiex)
- Protocol: smtp
- Host: smtp.gmail.com
- Port: 587
- Username: igbrusure@gmail.com
- Password: mrruben0094
Targets
Target: Revised Invoice.exe (579KB; hashes as listed under General above)
- Matiex Main Payload
- Drops startup file
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext