General

Target: purchase.exe
Size: 523KB
Sample: 201221-56gvn59242
MD5: 4f0f5333176758254faf1b18a35ea925
SHA1: 355e93fb50fb7d67e844bfe408462828b96f2565
SHA256: 79a907e747dc5b0a4d2594b3365aa71f26b636380b06db8f257ef4ec47b4555f
SHA512: a85fb4c8af2585bc2e1bd47f323e151e04caec6926af76af67bb031db5b2abc60ffcfc85e2ff962461586e957fa08181dfe1107e54ba6973bdea2df730f6410d
Static task: static1

Behavioral task: behavioral1
Sample: purchase.exe
Resource: win7v20201028

Malware Config

Extracted family: matiex
C2: https://api.telegram.org/bot1336613640:AAGGq5LL3mwkNVhiwT8GF2n6V8PUAYwnbxI/sendMessage?chat_id=820431583

The extracted C2 is a Telegram Bot API sendMessage endpoint; the bot token (the bot<id>:<secret> path segment) and the destination chat_id are embedded in the URL, so the stealer needs no server of its own. Both values are usable as indicators for the same actor across samples.
Targets

Target: purchase.exe
Size: 523KB
MD5: 4f0f5333176758254faf1b18a35ea925
SHA1: 355e93fb50fb7d67e844bfe408462828b96f2565
SHA256: 79a907e747dc5b0a4d2594b3365aa71f26b636380b06db8f257ef4ec47b4555f
SHA512: a85fb4c8af2585bc2e1bd47f323e151e04caec6926af76af67bb031db5b2abc60ffcfc85e2ff962461586e957fa08181dfe1107e54ba6973bdea2df730f6410d

Matiex Main Payload

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP. The report does not name the service; the request itself is benign-looking, so it is only useful as a signal in combination with the other behaviour.

Suspicious use of SetThreadContext
SetThreadContext is a common building block of process injection (for example process hollowing); the report does not state which process the call targeted.
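The C2 URL above and the external-IP-lookup signature together describe a detectable pattern: a host fetches its public IP and then posts to api.telegram.org with a bot token in the path. The script below is an added example (not part of the sandbox report or of Matiex itself) that parses a Telegram Bot API URL into bot id, secret and chat_id, tags requests in proxy logs, and lists clients showing both behaviours. The proxy log lines and the set of IP-lookup hostnames are constructed assumptions; the report only says "a legitimate IP lookup service" and does not name one. The only real value used is the C2 URL copied from the config.

```python
"""Hunt for Matiex-style Telegram Bot API exfiltration and external-IP lookups in proxy logs."""
import re
from typing import Dict, List, Optional
from urllib.parse import parse_qs, urlsplit

# C2 URL copied verbatim from the Matiex config extracted in the report above.
MATIEX_C2 = (
    "https://api.telegram.org/bot1336613640:AAGGq5LL3mwkNVhiwT8GF2n6V8PUAYwnbxI/"
    "sendMessage?chat_id=820431583"
)

# Telegram Bot API paths look like /bot<numeric id>:<secret>/<method>.
# The ":" between id and secret separates bot-token traffic from ordinary Telegram web use.
BOT_PATH_RE = re.compile(
    r"^/bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]{30,})/(?P<method>[A-Za-z]+)$"
)

# Assumed list of common external-IP lookup services (the report does not name the one used).
IP_LOOKUP_HOSTS = {
    "api.ipify.org", "checkip.amazonaws.com", "icanhazip.com", "ip-api.com", "ipinfo.io",
}

# Constructed proxy log lines (not from the report): "<timestamp> <client> <method> <url>".
SAMPLE_LOG = """\
2020-12-21T10:01:00Z 10.0.0.5 GET http://checkip.amazonaws.com/
2020-12-21T10:01:02Z 10.0.0.5 POST https://api.telegram.org/bot1336613640:AAGGq5LL3mwkNVhiwT8GF2n6V8PUAYwnbxI/sendMessage?chat_id=820431583
2020-12-21T10:02:00Z 10.0.0.7 GET https://www.example.com/index.html
2020-12-21T10:03:00Z 10.0.0.9 GET https://web.telegram.org/k/
"""


def parse_telegram_bot_url(url: str) -> Optional[Dict[str, str]]:
    """Return bot_id / secret / method / chat_id if url is a Telegram Bot API call, else None."""
    parts = urlsplit(url)
    if parts.hostname != "api.telegram.org":
        return None
    m = BOT_PATH_RE.match(parts.path)
    if not m:
        return None
    info = m.groupdict()
    chat = parse_qs(parts.query).get("chat_id")
    info["chat_id"] = chat[0] if chat else ""
    return info


def classify_url(url: str) -> Optional[str]:
    """Tag a URL as 'telegram_bot_api', 'external_ip_lookup', or None if uninteresting."""
    if parse_telegram_bot_url(url):
        return "telegram_bot_api"
    host = (urlsplit(url).hostname or "").lower()
    if host in IP_LOOKUP_HOSTS:
        return "external_ip_lookup"
    return None


def scan_proxy_log(text: str) -> List[Dict[str, str]]:
    """Walk log lines and return one finding per suspicious request."""
    findings: List[Dict[str, str]] = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed lines rather than abort the scan
        ts, client, _method, url = fields
        tag = classify_url(url)
        if tag is None:
            continue
        finding = {"ts": ts, "client": client, "tag": tag, "url": url}
        if tag == "telegram_bot_api":
            finding.update(parse_telegram_bot_url(url) or {})
        findings.append(finding)
    return findings


def clients_with_both(findings: List[Dict[str, str]]) -> List[str]:
    """Clients that both looked up their external IP and hit the Bot API: the Matiex pattern."""
    by_client: Dict[str, set] = {}
    for f in findings:
        by_client.setdefault(f["client"], set()).add(f["tag"])
    wanted = {"external_ip_lookup", "telegram_bot_api"}
    return sorted(c for c, tags in by_client.items() if wanted <= tags)


if __name__ == "__main__":
    hits = scan_proxy_log(SAMPLE_LOG)
    for hit in hits:
        print(hit)
    print("matiex-pattern clients:", clients_with_both(hits))
```

The bot id and secret recovered by parse_telegram_bot_url are the attacker's credential for that bot; treat them as indicators to pivot on across samples rather than as something to exercise against the live API.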