General
Target: 8880bd618707f140d77bc13285dd0275.exe
Size: 502KB
Sample: 210111-2v6b8yja42
MD5: 8880bd618707f140d77bc13285dd0275
SHA1: d534eb0f7da80d72ccf13841f479d8f3b063c9a5
SHA256: 0641e54bfbf07a35b4b66a3138571d006072a1a2a22265f2edfb4e6719a62574
SHA512: d896ccdc43d23f4e5eada65007be2f3b560ead825af292e0fb3b44ec327ddd406d6785c108cbcb56372888e8bcd006a1fcf959a91ead144f12ce9bf32d4a130c
Static task: static1
Behavioral task: behavioral1
Sample: 8880bd618707f140d77bc13285dd0275.exe
Resource: win7v20201028
Malware Config
Extracted
matiex
https://api.telegram.org/bot1277090811:AAHJ1mutkv0Wr1_9949BBcb3lR-DuRKH5RU/sendMessage?chat_id=1216524090
Targets
-
Matiex Main Payload
-
Drops startup file
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext