General
Target: SsSuaeML7312gbk.exe
Size: 683KB
Sample: 211111-t5mnmsgger
MD5: b228b9a2a36d06fd91d942e464ef16bd
SHA1: 8a974471c6336b046f08d17d8ba4c31d7d151b9c
SHA256: 108f33743a4ef5a5008a666449da79ba8505820db73e7e5098cb90c2cdd0ee66
SHA512: cb14152f1284087fd4206a27eea79cc4d2f568f3fbc1e1962cf64d1e5b97a4c8d4cce1925fe910dea421f401e8d5c07cf0c632405ff2e26f72873662f9a3ad09
Static task: static1
Behavioral task: behavioral1
Sample: SsSuaeML7312gbk.exe
Resource: win7-en-20211104
Malware Config
Extracted: matiex
https://api.telegram.org/bot1962824736:AAECUA300NkJ2NuTf0cKgva_k26j1y0NNHk/sendMessage?chat_id=457082756
Targets
Target: SsSuaeML7312gbk.exe
Size: 683KB
MD5: b228b9a2a36d06fd91d942e464ef16bd
SHA1: 8a974471c6336b046f08d17d8ba4c31d7d151b9c
SHA256: 108f33743a4ef5a5008a666449da79ba8505820db73e7e5098cb90c2cdd0ee66
SHA512: cb14152f1284087fd4206a27eea79cc4d2f568f3fbc1e1962cf64d1e5b97a4c8d4cce1925fe910dea421f401e8d5c07cf0c632405ff2e26f72873662f9a3ad09
Matiex Main Payload
  suricata: ET MALWARE Matiex Keylogger Exfil Via Telegram
Drops startup file
Accesses Microsoft Outlook profiles
Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext