General
-
Target
INVOICE RECEIPT NO253334.exe
-
Size
455KB
-
Sample
210726-cn1y27ales
-
MD5
c6b4a2eb53f687988c0427cf752d429f
-
SHA1
d6b3299043950047524087631f72375b68bfc36d
-
SHA256
786a583ea35093cc588069ed3b8d4dd6dbe8e9edfe68569d3752c6da82db0de1
-
SHA512
ded0daa7672ade2aabf1695c67441c0c488b8f44170ebd438105936eeac2a4d9fb7da1aef48565bb42caf6807eb4f0157a0de43ddf4731e5d3c428e8cf034dee
Static task
static1
Behavioral task
behavioral1
Sample
INVOICE RECEIPT NO253334.exe
Resource
win7v20210410
Malware Config
Extracted
matiex
https://api.telegram.org/bot1718729558:AAFUftnJNVxfQZ7XrIUEpE1UiXHAYPc6VAQ/sendMessage?chat_id=1841930277
Targets
-
-
Target
INVOICE RECEIPT NO253334.exe
-
Size
455KB
-
MD5
c6b4a2eb53f687988c0427cf752d429f
-
SHA1
d6b3299043950047524087631f72375b68bfc36d
-
SHA256
786a583ea35093cc588069ed3b8d4dd6dbe8e9edfe68569d3752c6da82db0de1
-
SHA512
ded0daa7672ade2aabf1695c67441c0c488b8f44170ebd438105936eeac2a4d9fb7da1aef48565bb42caf6807eb4f0157a0de43ddf4731e5d3c428e8cf034dee
-
Matiex Main Payload
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-