General
  Target: PO# 2366.exe
  Size: 562KB
  Sample: 210104-1tpq3rvz12
  MD5: 87ea6faf43f55191b84e9be3da3bb730
  SHA1: 5d61fdb034fe227740428dd8f025c6ef06c6d7d8
  SHA256: 2026239c3cabfeae27fabc93031453a0af2bb4e18275bb0ee9d9ed467d3ae303
  SHA512: 10160f0e589681e6eac32e60cbca665fc01e728d305659154e2e121b0ede7dc3c9dc7bf101fafbc158e9806a46573944dd3ced2eb07b0eafa9e53790c9bf9c14
Static task: static1
Behavioral task: behavioral1
  Sample: PO# 2366.exe
  Resource: win7v20201028
Malware Config
  Extracted family: matiex
  C2 (exfiltration endpoint): https://api.telegram.org/bot1277090811:AAHJ1mutkv0Wr1_9949BBcb3lR-DuRKH5RU/sendMessage?chat_id=1216524090
Targets
  Target: PO# 2366.exe
  - Matiex Main Payload
  - Drops startup file
  - Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
  - Suspicious use of SetThreadContext