General
Target: 03ba23a85802f57beed2d5c69453c6d2.exe
Size: 500KB
Sample: 210119-sgdy834ea2
MD5: 03ba23a85802f57beed2d5c69453c6d2
SHA1: 3d83f5623299630fd6f57a567ac048c7d1853dcb
SHA256: 39d7b97907b7836d51b332d85ecdbf4cd5fa55de562959a020a6752adeea4e1c
SHA512: 028c6edb097565b888589159fb7c8eb92604c333ac58cd075447eb369ae2cd071b85ee0ffdd427ec448fe1b3070adfe26ff5c28482b997a630f8f95b719e2974
Static task: static1
Behavioral task: behavioral1
Sample: 03ba23a85802f57beed2d5c69453c6d2.exe
Resource: win7v20201028
Malware Config
Extracted family: matiex
Extracted URL: https://api.telegram.org/bot1271137457:AAFNGECSqnP1dXVAPgbr-EWVUDbzylXjmhg/sendMessage?chat_id=1216524090
Targets
Target: 03ba23a85802f57beed2d5c69453c6d2.exe (same file and hashes as listed under General)
Signatures:
- Matiex Main Payload
- Drops startup file
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext