General
-
Target
98nMUVIMa7yoxmF.exe
-
Size
1.2MB
-
Sample
220125-x9h3ssdebq
-
MD5
a060e6b79f24c737ed87a315cfb02760
-
SHA1
6e28de0375a2a8431ebf17e8858e8a5a32e5358f
-
SHA256
962a2c242f1491057e2192083e69c7a4f06be6e37a2ceb85ba43f66fd21a80c3
-
SHA512
483729e2bd5c2118d2abc81fb4d469023c372e00f2d9056d68e03c8db6200f9ea83f9a32fb73131784e292b92885c893611d2d199253e4f596ae19aa62908e95
Static task
static1
Behavioral task
behavioral1
Sample
98nMUVIMa7yoxmF.exe
Resource
win7-en-20211208
Malware Config
Extracted
matiex
https://api.telegram.org/bot1769394961:AAF5BB35akL859CwVaXypIqpVsGWlaKvi7A/sendMessage?chat_id=1735544933
Targets
-
-
Target
98nMUVIMa7yoxmF.exe
-
Matiex Main Payload
-
suricata: ET MALWARE Matiex Keylogger Exfil Via Telegram
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-