General
Target: PURCHASE ORDER 1.rar
Size: 366KB
Sample: 201116-v2h2b2ntmj
MD5: 5cd64c49b4fa8c75e33e0eac633b1929
SHA1: a4b704ef19242e8f70f8c331bcea6d4b0e263cbc
SHA256: 65522c342f0cd2781c90a3cb7176342ee51106250c77d64718708ab78922c742
SHA512: fd65fa657c4b9b3f18a621d7f56858fce6145c293df981f748273642570b6f097b310868f1480ef16add9ef34e3ec43d25e964c7d419cf75ef1652852ae2f237

Static task: static1
Behavioral task: behavioral1
Sample: PURCHASE ORDER (2).exe
Resource: win7v20201028

Malware Config
Extracted: matiex
https://api.telegram.org/bot1446233835:AAFUBfbUnZ7JJIYwfK1VPiEf9YSnzaCuLXc/sendMessage?chat_id=1430605258

Targets
Target: PURCHASE ORDER (2).exe
Size: 439KB
MD5: 19171693b2069fc88260970235109256
SHA1: b4df7ddbb61980ae5f4e2712590a458e996b8be4
SHA256: 4e7ee141bae54178faf8f656c6f01ac44a7d39bd0ac21f9193ce51a8b12d8252
SHA512: dbd535a6899eb6b6abaf31fc053762d9ac428aeb797ee686f54e1a06601330a03a9416f05a68fda95aac75d8dcfc05acdf2d07b9db47cb1b6748ee769eb262c0

Matiex Main Payload
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext