General
- Target: LlW4ErKRQ3PVoGb.exe
- Size: 1.1MB
- Sample: 220209-rwcqzaaeg5
- MD5: 5e53df92e2abdbc2305049f51140fec6
- SHA1: c9a1d423fed180ec73be60ec740bfc0ae9120f82
- SHA256: d3dd7dee8c874b7d1d1d6b5e499dedd7b049d82676213c0a317078a900a78451
- SHA512: 2f038af89c1fc8747e27f5a6675584954e975bf69917ac50526c06eff007c01b404538df3f9f217d1ab8c1d46c6d25b28360d069025d9cee419e931e75601aaf
Static task: static1
Behavioral task: behavioral1
- Sample: LlW4ErKRQ3PVoGb.exe
- Resource: win7-en-20211208
Behavioral task: behavioral2
- Sample: LlW4ErKRQ3PVoGb.exe
- Resource: win10v2004-en-20220113
Malware Config
Extracted
- matiex
- https://api.telegram.org/bot1769394961:AAF5BB35akL859CwVaXypIqpVsGWlaKvi7A/sendMessage?chat_id=1735544933
Targets
- Target: LlW4ErKRQ3PVoGb.exe
- Size: 1.1MB
- MD5: 5e53df92e2abdbc2305049f51140fec6
- SHA1: c9a1d423fed180ec73be60ec740bfc0ae9120f82
- SHA256: d3dd7dee8c874b7d1d1d6b5e499dedd7b049d82676213c0a317078a900a78451
- SHA512: 2f038af89c1fc8747e27f5a6675584954e975bf69917ac50526c06eff007c01b404538df3f9f217d1ab8c1d46c6d25b28360d069025d9cee419e931e75601aaf
Score: 10/10
- Matiex Main Payload
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext