General
Target: lJFlbD0vMzZDdIO.exe
Size: 734KB
Sample: 220113-xr5h3scbd2
MD5: a720e7676c39877cf2afd73790c6f1dd
SHA1: e4c074d365f4a1adb9217357c1422425becdcef4
SHA256: cfb126c1f3cb879c92107a21752c8d9331c3e5991e6501ec0a13bd28ebbd54aa
SHA512: c9c4ce02fdab0ab0bcda5c29141f1ca4c9b3ea0b914ae7079fe74d47884f5eb2da5c71c14c09c83c0f82ac24f346bfcf6e8cad64ed954d82fbb4f4761470eb21
Tasks
Static task: static1
Behavioral task: behavioral1 (sample lJFlbD0vMzZDdIO.exe, resource win7-en-20211208)
Behavioral task: behavioral2 (sample lJFlbD0vMzZDdIO.exe, resource win10-en-20211208)
Malware Config
Extracted: matiex
https://api.telegram.org/bot1769394961:AAF5BB35akL859CwVaXypIqpVsGWlaKvi7A/sendMessage?chat_id=1735544933
Targets
Target: lJFlbD0vMzZDdIO.exe
Score: 10/10
Signatures:
- Matiex Main Payload
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext