General

Target: 78e494cf466d16bb68b782324fa83c0f597debcce4d3bac88301b3da116616d2
Size: 570KB
Sample: 220206-stsj3sbcgm
MD5: 3db7a695150314adc5f834ace5cdb0b0
SHA1: fc169b2d406f7742406e675228aef998b106ae6d
SHA256: 78e494cf466d16bb68b782324fa83c0f597debcce4d3bac88301b3da116616d2
SHA512: 10853f6a20da2caf06d1f48b6aab2c169a1afc424dc5518180a51f4a3e0e52a107e931a9fd108842d2cd9893016c1a0e43441fe25022078b34705cd6b69cbbdc
Static task: static1
Behavioral task: behavioral1
Sample: MUYR09080.exe
Resource: win7-en-20211208
Malware Config
Extracted
matiex
https://api.telegram.org/bot1395392888:AAFrJovDdZICOFB0gX0eGWrAUzEKCRpv8xo/sendMessage?chat_id=1300181783
Targets

Target: MUYR09080.exe
Size: 851KB
MD5: 4138495cd942b253246d9bd965760aea
SHA1: fb80d388264dd3bd07b9a815958970f495e01021
SHA256: 446a9c4fe226595e6a506d2a27c4b433b5651f9f8110ab289371f080a596a779
SHA512: a6c6fe65f34d53d0d8308baeb0ba022512ef9a6ac52e4f56b44eebd11833e37889f694353b0170b5a44df3391e59d23fe59782e97430d639c6bab9462f84165a

- Matiex Main Payload
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext