General
- Target: rznfT9ZOchwd1lv.exe
- Size: 877KB
- Sample: 220127-je915shdfr
- MD5: f3dfd893926ee70d0b7edc785122627a
- SHA1: d8aeb366373e6f6d6621c8f8559050730373bb17
- SHA256: 0513fda6f36b07e54a0379c946286304deb8f60b7e37016dc2fab40182211c24
- SHA512: c129b2bca515f0a7569115324ac26caebba75adcf1137027f80f94a10585b98bce9d16deee72dccd26b2e27717dd7e89324cac2542df57d367c265fdf7903975
Static task: static1
Behavioral task: behavioral1
- Sample: rznfT9ZOchwd1lv.exe
- Resource: win7-en-20211208
Malware Config
- Extracted: matiex
- https://api.telegram.org/bot1769394961:AAF5BB35akL859CwVaXypIqpVsGWlaKvi7A/sendMessage?chat_id=1735544933
Targets
- Target: rznfT9ZOchwd1lv.exe
- Size: 877KB
- MD5: f3dfd893926ee70d0b7edc785122627a
- SHA1: d8aeb366373e6f6d6621c8f8559050730373bb17
- SHA256: 0513fda6f36b07e54a0379c946286304deb8f60b7e37016dc2fab40182211c24
- SHA512: c129b2bca515f0a7569115324ac26caebba75adcf1137027f80f94a10585b98bce9d16deee72dccd26b2e27717dd7e89324cac2542df57d367c265fdf7903975
- Matiex Main Payload
- suricata: ET MALWARE Matiex Keylogger Exfil Via Telegram
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext