General
Target: f8d7d56e031ac6296d85ef52def961af07dc81b496c58c49d04c3bb70731ebef
Size: 529KB
Sample: 220206-htryfagda8
MD5: ec5a424e840ba4774d87332d3883853e
SHA1: a4326b549d09bb3876d150c827673fed5f6601b6
SHA256: f8d7d56e031ac6296d85ef52def961af07dc81b496c58c49d04c3bb70731ebef
SHA512: 1a938a4d9a416bf2c0d205d27ede65e08ebc30e52603c0360fe12570d6b897549adf3c7331292805ae1b91d7ad1573ff8f1f186a0abfda8637a96801eef75a80
Static task: static1
Behavioral task: behavioral1
Sample: m60980.exe
Resource: win7-en-20211208
Malware Config
Extracted
matiex
https://api.telegram.org/bot1395392888:AAFrJovDdZICOFB0gX0eGWrAUzEKCRpv8xo/sendMessage?chat_id=1300181783
Targets
Target: m60980.exe
Size: 602KB
MD5: 65134f2b82de31f29c1350af7f03e194
SHA1: 341648365f3bbc992ef4cc68480ec059537621f0
SHA256: a5558fff1ebe81b0f0534b51d9329ef59e867d5281d78a149e66fa6c218f0ef4
SHA512: fd8189db2c352801b2662045a89f09251b1326424d24481fa2f90a927900e9ee5b7cbbaf2951cce12f27834a6792cbbc329a3d572835952146cb3f0ddb3ec05f
Matiex Main Payload
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext