General
- Target: invoice12212020.exe
- Size: 603KB
- Sample: 201223-4r7hyym97n
- MD5: c9c85baf97e31c3154ed9ceec13a928e
- SHA1: f82c6587a0137e2e9384e824c4d1e30d415247e8
- SHA256: ab928789224fd46229b8c5caffab8625636b7005ba793c796c0696e157da4c99
- SHA512: 18a748a66a6bd22c99c65e61bacf34e21da47a557595482ddeef5ecffa52ad19ae32b3bf606349cf8a36093f854a4ecaf694b3b5f4e80913a4b72bdb296e7b73

Static task: static1
Behavioral task: behavioral1
- Sample: invoice12212020.exe
- Resource: win7v20201028

Malware Config
Extracted: matiex
- C2 URL: https://api.telegram.org/bot1336613640:AAGGq5LL3mwkNVhiwT8GF2n6V8PUAYwnbxI/sendMessage?chat_id=820431583
Targets
- Target: invoice12212020.exe
- Size: 603KB
- Matiex Main Payload
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext