General
Target: sample-326259-9a44b1b88e13eb4719e1bf1d416c3c5d.zip
Size: 739KB
Sample: 201205-8e331y1gb6
MD5: ed1b4adc71b7f2756f43e26b939f0b5d
SHA1: b4b55b0d65b3abf5c9ee4b4d19c2abfffd998ce8
SHA256: 24cb7ddefda210a0ec3e8e4aea6ea96397ae4a55200fc08d2a737272c2c102c3
SHA512: e65381150125f2397589c174c3921c1e7e60fc5ab269abcf1f84c8a34312ee44c070dc80dd7994e868c68f21ecd2b274bff04fdfda76d396b71b1c65a08e98d9
(These hashes are of the submitted zip archive; the hashes of the executable it contains, Quote.exe, are listed under Targets below.)
Static task: static1
Behavioral task: behavioral1
Sample: Quote.exe
Resource: win7v20201028

Malware Config
Extracted
Family: matiex
C2: https://api.telegram.org/bot1379319539:AAFQ7f96r1-8ijh6-Hym9Weh67R1ZdDQt0g/sendMessage?chat_id=1472166686
The C2 is the Telegram Bot API: the URL path embeds the bot token (numeric bot id, colon, secret) and the query string carries the operator's chat_id. The token is a usable credential for that bot, so redact it before the report is shared outside the team.
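Because Matiex exfiltrates through a Telegram bot, the bot id in the URL path is the indicator to hunt for: the same token is reused for every Bot API method (sendDocument, getUpdates, and so on), not just the sendMessage call seen in the config. The Python below is an added example, not code from this report or from the malware: it splits the extracted URL into bot id, token, method and chat_id, produces a redacted form safe to paste into a ticket, and hunts for the bot id across proxy log lines. The proxy log format and its lines are constructed for the example; the only real input is the C2 URL from the report.

```python
"""Turn a Matiex Telegram exfiltration URL into hunting indicators (added example)."""
import re
from urllib.parse import urlsplit, parse_qs

# The C2 URL exactly as extracted in the report above.
MATIEX_C2 = ("https://api.telegram.org/bot1379319539:AAFQ7f96r1-8ijh6-Hym9Weh67R1ZdDQt0g"
             "/sendMessage?chat_id=1472166686")

# Telegram Bot API paths have the shape /bot<bot_id>:<secret>/<method>.
_BOT_PATH = re.compile(r"^/bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]+)/(?P<method>\w+)$")


def parse_telegram_c2(url):
    """Split a Telegram Bot API URL into bot id, full token, method and chat_id."""
    parts = urlsplit(url)
    if parts.hostname != "api.telegram.org":
        raise ValueError("not a Telegram Bot API URL: %r" % url)
    m = _BOT_PATH.match(parts.path)
    if m is None:
        raise ValueError("unexpected Bot API path: %r" % parts.path)
    query = parse_qs(parts.query)
    return {
        "bot_id": m["bot_id"],
        "token": "%s:%s" % (m["bot_id"], m["secret"]),
        "method": m["method"],
        "chat_id": query.get("chat_id", [None])[0],
    }


def redact_token(url):
    """Mask the secret half of the token so the URL can be shared without leaking a usable credential.
    The bot id prefix is kept because that is the part analysts correlate on."""
    m = _BOT_PATH.match(urlsplit(url).path)
    if m is None:
        return url
    return url.replace(m["secret"], m["secret"][:4] + "***REDACTED***", 1)


# Constructed proxy log lines for the example: timestamp, client IP, HTTP verb, full URL.
# Only a TLS-inspecting proxy records the full path; a plain CONNECT log shows just
# api.telegram.org:443, which is still worth alerting on when the client is not a browser.
SAMPLE_PROXY_LOG = """\
2020-12-05T10:01:02Z 10.0.0.5 POST https://api.telegram.org/bot1379319539:AAFQ7f96r1-8ijh6-Hym9Weh67R1ZdDQt0g/sendMessage?chat_id=1472166686
2020-12-05T10:01:09Z 10.0.0.5 GET https://www.microsoft.com/
2020-12-05T10:02:30Z 10.0.0.7 GET https://api.telegram.org/bot123456789:AAEsomeotherbot/getUpdates
2020-12-05T10:03:00Z 10.0.0.5 POST https://api.telegram.org/bot1379319539:AAFQ7f96r1-8ijh6-Hym9Weh67R1ZdDQt0g/sendDocument
"""


def hunt_bot_id(log_text, bot_id):
    """Return (timestamp, client, method) for every Bot API request made with the given bot id,
    whatever the method, since one token serves sendMessage, sendDocument, getUpdates and the rest."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # constructed format: ts client verb url
        ts, client, _verb, url = fields
        try:
            info = parse_telegram_c2(url)
        except ValueError:
            continue  # not a Bot API request
        if info["bot_id"] == bot_id:
            hits.append((ts, client, info["method"]))
    return hits


if __name__ == "__main__":
    c2 = parse_telegram_c2(MATIEX_C2)
    print("bot id %s, chat_id %s, method %s" % (c2["bot_id"], c2["chat_id"], c2["method"]))
    print("shareable:", redact_token(MATIEX_C2))
    for hit in hunt_bot_id(SAMPLE_PROXY_LOG, c2["bot_id"]):
        print("hit:", hit)
```

Hunting on the bot id rather than the whole URL is deliberate: the operator can change the chat_id or switch methods without touching the token, and a proxy that only logs the host still lets you pivot on api.telegram.org traffic from processes that are not messaging clients.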
Targets
Target: Quote.exe
Size: 887KB
MD5: 9a44b1b88e13eb4719e1bf1d416c3c5d
SHA1: 1bb55c3f3a34b79cd2753d14e7d1b2e34a861e4f
SHA256: 0d74ff32725b829a6af1658c2228c4990a39f310c0c48dea01c8ac467840453f
SHA512: 53341ecb3e83186dc109af3e936c0a166b0ed4d3cd6a7c20d9f786330cfb9953ea300a04f46cfe725c3b581bea00a6e84c49d9472ab900bd9fb847ca99bcb8f8
Signatures:
- Matiex Main Payload
- Looks for VirtualBox Guest Additions in registry
  The key is created when VirtualBox Guest Additions are installed, so its presence marks the host as a VirtualBox guest, typically an analysis VM.
- Looks for VMware Tools registry key
  The same check for VMware guests.
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Drops startup file
  A file written to a Startup folder runs at every logon, which gives the stealer persistence.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
  Calling SetThreadContext on a thread of another, usually suspended, process is characteristic of injection techniques such as process hollowing.
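Four of the signatures above are registry reads used to decide whether the sample is running under analysis. The Python below is an added example, not code from this report or from the sandbox vendor: it canonicalises HKLM paths (hive alias, case, WOW6432Node, ControlSetNNN) and classifies each read against the checks listed. The report names the checks but not the exact keys; the keys used here are the conventional ones such checks read (VirtualBox Guest Additions, VMware Tools, HARDWARE\DESCRIPTION\System BIOS values, Services\Disk\Enum) and are an assumption of the example. The API-trace lines are constructed. One caveat for detection engineers: Windows event logs and Sysmon record registry writes, not reads, so this logic only applies to a sandbox API trace or to EDR telemetry that hooks registry queries.

```python
"""Classify registry reads from an API trace against the anti-VM signatures above (added example)."""
import re

# Conventional registry locations behind each signature (assumed; the report does not list keys).
# Patterns run against a canonicalised, upper-cased path with the HKLM prefix removed.
ANTI_VM_PATTERNS = {
    "vbox_guest_additions": r"SOFTWARE\\ORACLE\\VIRTUALBOX GUEST ADDITIONS(\\|$)",
    "vmware_tools":         r"SOFTWARE\\VMWARE, INC\.\\VMWARE TOOLS(\\|$)",
    # The BIOS key itself, its BIOS subkey, or the classic version/date values; other
    # subkeys of HARDWARE\DESCRIPTION\System (e.g. CentralProcessor) are not BIOS reads.
    "bios_info":            r"HARDWARE\\DESCRIPTION\\SYSTEM"
                            r"(\\BIOS(\\|$)|\\(SYSTEMBIOSVERSION|SYSTEMBIOSDATE|VIDEOBIOSVERSION)$|$)",
    "disk_enum":            r"SYSTEM\\CURRENTCONTROLSET\\SERVICES\\DISK\\ENUM(\\|$)",
}
_COMPILED = {name: re.compile(pat) for name, pat in ANTI_VM_PATTERNS.items()}

_HKLM = re.compile(r"^(HKEY_LOCAL_MACHINE|HKLM)\\", re.I)
_WOW64 = re.compile(r"^SOFTWARE\\WOW6432NODE\\")
_CONTROLSET = re.compile(r"^SYSTEM\\CONTROLSET\d{3}\\")


def normalize_hklm_path(path):
    """Drop the hive prefix, upper-case, and fold the WOW6432Node and ControlSetNNN aliases.
    Returns None for paths outside HKLM, which these checks do not concern."""
    p = path.strip().replace("/", "\\")
    m = _HKLM.match(p)
    if m is None:
        return None
    p = p[m.end():].upper()
    p = _WOW64.sub(r"SOFTWARE\\", p)
    p = _CONTROLSET.sub(r"SYSTEM\\CURRENTCONTROLSET\\", p)
    return p


def classify_registry_path(path):
    """Return the name of the signature a registry path trips, or None."""
    norm = normalize_hklm_path(path)
    if norm is None:
        return None
    for name, rx in _COMPILED.items():
        if rx.match(norm):
            return name
    return None


# Constructed API-trace lines (API name, then the registry path). The real trace format of the
# sandbox that produced the report is not shown on the page; only the first token is parsed away.
SAMPLE_TRACE = r"""
RegOpenKeyExW HKEY_LOCAL_MACHINE\SOFTWARE\Oracle\VirtualBox Guest Additions
RegOpenKeyExW HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Oracle\VirtualBox Guest Additions
RegOpenKeyExW HKEY_LOCAL_MACHINE\SOFTWARE\VMware, Inc.\VMware Tools
RegQueryValueExW HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion
RegQueryValueExW HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion
RegQueryValueExW HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Disk\Enum\0
RegOpenKeyExW HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
RegQueryValueExW HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz
"""


def triage_trace(trace_text):
    """Group trace lines by the signature they trip; lines that trip none are dropped."""
    hits = {}
    for line in trace_text.splitlines():
        line = line.strip()
        if not line:
            continue
        _api, _, path = line.partition(" ")
        name = classify_registry_path(path)
        if name:
            hits.setdefault(name, []).append(path)
    return hits


def looks_sandbox_aware(hits, minimum=2):
    """A lone BIOS read is common in legitimate installers; two or more distinct checks is the stronger signal."""
    return len(hits) >= minimum


if __name__ == "__main__":
    found = triage_trace(SAMPLE_TRACE)
    for name, paths in found.items():
        print(name, len(paths))
    print("sandbox-aware:", looks_sandbox_aware(found))
```

Canonicalising before matching matters more than it looks: a 32-bit sample on 64-bit Windows sees the VirtualBox key under SOFTWARE\Wow6432Node, and exports of the SYSTEM hive name ControlSet001 rather than CurrentControlSet, so a naive substring rule on the literal key misses both.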