General
Target: 2fqBWgZQeAgkbCH.exe
Size: 1.1MB
Sample: 220125-kc1v5acbaq
MD5: 72dfd1d599cce598e8b87177b6d1073b
SHA1: b2cc4bb5696df68719a5cd459c1bab81c7c736c4
SHA256: 0cd96a2654e91bcc1de8b58be478885306f814da7b0c28d55f159a8735833c2b
SHA512: 41f8f121d00ad0be34bf7c7cc6457b84b52ae9f1ce0494206a8247490eab5d7069a910d60c1cdcda2ffc65f4e8421345704565130ea63a95bf27a6c4d842e15e

Static task: static1
Behavioral task: behavioral1
Sample: 2fqBWgZQeAgkbCH.exe
Resource: win7-en-20211208

Malware Config
Extracted: matiex
https://api.telegram.org/bot1769394961:AAF5BB35akL859CwVaXypIqpVsGWlaKvi7A/sendMessage?chat_id=1735544933
Targets
Target: 2fqBWgZQeAgkbCH.exe
Size: 1.1MB
MD5: 72dfd1d599cce598e8b87177b6d1073b
SHA1: b2cc4bb5696df68719a5cd459c1bab81c7c736c4
SHA256: 0cd96a2654e91bcc1de8b58be478885306f814da7b0c28d55f159a8735833c2b
SHA512: 41f8f121d00ad0be34bf7c7cc6457b84b52ae9f1ce0494206a8247490eab5d7069a910d60c1cdcda2ffc65f4e8421345704565130ea63a95bf27a6c4d842e15e

Signatures
- Matiex Main Payload
- suricata: ET MALWARE Matiex Keylogger Exfil Via Telegram
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext