General
-
Target
af5294cacf991f14f15ce90f8be38188b54e46d4fd1d8f509f946d8cde3ef3ae
-
Size
468KB
-
Sample
220324-yssrcadgc2
-
MD5
6d054ce190fd0da92b895d7cb5397b03
-
SHA1
3bd56aa669000a6c19223bda713dc313f8279771
-
SHA256
af5294cacf991f14f15ce90f8be38188b54e46d4fd1d8f509f946d8cde3ef3ae
-
SHA512
58697957dde090133d027b13a18d462c786ac41c11c32faef0b2751e30b37530e0ec9368c3beac6f4077e1d42f89a1a76eb95cacf3c93a2b0d5e8411fcec2e29
Static task
static1
Behavioral task
behavioral1
Sample
af5294cacf991f14f15ce90f8be38188b54e46d4fd1d8f509f946d8cde3ef3ae.exe
Resource
win7-20220311-en
Malware Config
Extracted
matiex
https://api.telegram.org/bot1428011164:AAFKIFGek20EZJPbNxOt7K2R-Cf-IiVGehs/sendMessage?chat_id=1280541017
The sample reports to its operator through the Telegram Bot API: the token after "bot" is the bot's credential and the chat_id parameter is the destination, so the pair identifies the exfiltration channel to block and hunt for.
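The extracted URL is the only network indicator the report gives for this sample, and its shape (numeric bot id, secret, method, chat_id) is the same for every Telegram-based stealer. The following is an added example, not Triage's tooling or the malware's code: it parses the config URL above into its parts, produces a defanged IoC that keeps the secret out of tickets, and runs the same matcher over constructed proxy log lines. The log format, the process names, the ipify lookup and the second placeholder bot are assumptions made for illustration.

```python
"""Pull the Telegram exfiltration channel out of a Matiex config URL and
flag the same channel in proxy logs. Added example, not Triage's tooling;
the log format and the second, placeholder bot are constructed."""
import re
from dataclasses import dataclass
from typing import List, Optional
from urllib.parse import parse_qs, urlsplit

# The URL Triage extracted from this sample's configuration (from the report).
MATIEX_C2 = ("https://api.telegram.org/bot1428011164:AAFKIFGek20EZJPbNxOt7K2R-Cf-IiVGehs"
             "/sendMessage?chat_id=1280541017")

# Bot API paths look like /bot<numeric id>:<secret>/<method>. The secret
# length bound is an assumption that fits the tokens Telegram issues.
BOT_PATH_RE = re.compile(
    r"^/bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]{30,})/(?P<method>[A-Za-z]+)$")


@dataclass(frozen=True)
class TelegramChannel:
    bot_id: str
    secret: str
    method: str
    chat_id: Optional[str]

    def defanged(self) -> str:
        """Shareable form: the secret is the bot's credential, so it is redacted."""
        return (f"hxxps://api[.]telegram[.]org/bot{self.bot_id}:<redacted>"
                f"/{self.method}?chat_id={self.chat_id}")


def parse_telegram_c2(url: str) -> Optional[TelegramChannel]:
    """Return the channel if url is a Telegram Bot API call, else None."""
    parts = urlsplit(url)
    if parts.hostname != "api.telegram.org":
        return None
    m = BOT_PATH_RE.match(parts.path)
    if m is None:
        return None
    chat_id = parse_qs(parts.query).get("chat_id", [None])[0]
    return TelegramChannel(m["bot_id"], m["secret"], m["method"], chat_id)


# Constructed proxy log: "client process method url". The first Telegram
# line reuses the report's C2; the second uses a placeholder bot so the
# scanner shows the difference between a known C2 and an unknown bot.
PLACEHOLDER_TOKEN = "1234567890:" + "A" * 35  # constructed, not a real token
SAMPLE_PROXY_LOG = [
    "10.0.0.21 outlook.exe GET https://outlook.office365.com/owa/",
    f"10.0.0.21 sample.exe GET {MATIEX_C2}",
    "10.0.0.21 sample.exe GET https://api.ipify.org/",
    f"10.0.0.34 chrome.exe GET https://api.telegram.org/bot{PLACEHOLDER_TOKEN}/sendMessage?chat_id=999",
]


def scan_proxy_log(lines: List[str], known: List[TelegramChannel]) -> List[dict]:
    """Flag every Bot API request; mark it known_c2 when bot_id and chat_id
    match an extracted config. Any process other than a Telegram client
    calling api.telegram.org deserves a look on a corporate host."""
    known_pairs = {(k.bot_id, k.chat_id) for k in known}
    hits = []
    for line in lines:
        fields = line.split(maxsplit=3)
        if len(fields) != 4:
            continue
        client, process, _method, url = fields
        chan = parse_telegram_c2(url)
        if chan is None:
            continue
        hits.append({
            "client": client,
            "process": process,
            "bot_id": chan.bot_id,
            "chat_id": chan.chat_id,
            "known_c2": (chan.bot_id, chan.chat_id) in known_pairs,
        })
    return hits


if __name__ == "__main__":
    c2 = parse_telegram_c2(MATIEX_C2)
    print("IoC:", c2.defanged())
    for hit in scan_proxy_log(SAMPLE_PROXY_LOG, [c2]):
        print(hit)
```

Matching on the bot_id/chat_id pair rather than the full URL keeps the secret out of detection content while still tying a hit to this specific operator; an unknown bot from a browser is a lead, a known pair from an unsigned executable is an infection.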
Targets
-
Target
af5294cacf991f14f15ce90f8be38188b54e46d4fd1d8f509f946d8cde3ef3ae
-
Size
468KB
-
MD5
6d054ce190fd0da92b895d7cb5397b03
-
SHA1
3bd56aa669000a6c19223bda713dc313f8279771
-
SHA256
af5294cacf991f14f15ce90f8be38188b54e46d4fd1d8f509f946d8cde3ef3ae
-
SHA512
58697957dde090133d027b13a18d462c786ac41c11c32faef0b2751e30b37530e0ec9368c3beac6f4077e1d42f89a1a76eb95cacf3c93a2b0d5e8411fcec2e29
-
Matiex Main Payload
-
Looks for VirtualBox Guest Additions in registry
-
Looks for VMWare Tools registry key
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Drops startup file
A file written to a Startup folder runs again at every logon, giving the payload persistence.
-
Accesses Microsoft Outlook profiles
Outlook profile keys hold stored account settings and saved credentials, a standard target for stealers.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
Setting the context of another process's thread commonly indicates process hollowing, where a suspended legitimate process is overwritten with the payload before its thread is resumed.
-
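The VirtualBox, VMware, BIOS, drive-enumeration and Outlook signatures above all key on concrete registry paths, so the classification can be reproduced from an API trace. The block below is an added example, not Triage's signature engine: the trace format, the regexes, the sample trace and the VM marker list are constructed for illustration. It also shows why the sample reads the BIOS and Disk\Enum values rather than only checking for the Guest Additions key: the device ID strings name the virtual hardware even when the tools are not installed.

```python
"""Registry-access classifier for the anti-analysis checks listed in the
report. Added example, not Hatching Triage's signature engine: the regexes
and the trace format below are assumptions made for illustration."""
import re
from typing import Dict, List, Tuple

# Key paths the report's signatures key on. Each is a real Windows key;
# the mapping to signature names follows the report's wording.
SIGNATURES: Dict[str, List[str]] = {
    "Looks for VirtualBox Guest Additions in registry": [
        r"\\SOFTWARE\\Oracle\\VirtualBox Guest Additions",
    ],
    "Looks for VMWare Tools registry key": [
        r"\\SOFTWARE\\VMware, Inc\.\\VMware Tools",
    ],
    "Checks BIOS information in registry": [
        r"\\HARDWARE\\DESCRIPTION\\System\\BIOS",
        r"\\HARDWARE\\DESCRIPTION\\System\\(SystemBiosVersion|VideoBiosVersion)",
    ],
    "Maps connected drives based on registry": [
        r"\\SYSTEM\\(CurrentControlSet|ControlSet\d+)\\Services\\Disk\\Enum",
    ],
    "Accesses Microsoft Outlook profiles": [
        r"\\SOFTWARE\\Microsoft\\Office\\\d+\.\d+\\Outlook\\Profiles",
        r"\\Windows Messaging Subsystem\\Profiles",
    ],
}

# Strings a hypervisor leaks into Disk\Enum device IDs and BIOS version values.
VM_MARKERS: Tuple[str, ...] = ("VBOX", "VMWARE", "VIRTUAL", "QEMU", "XEN")

# Constructed API trace, one "api|key path|result" line per call. Not taken
# from the report; the paths are the ones the listed signatures look for.
# The final Run-key access is a negative case that matches no signature.
SAMPLE_TRACE = r"""
RegOpenKeyExW|HKEY_LOCAL_MACHINE\SOFTWARE\Oracle\VirtualBox Guest Additions|ERROR_FILE_NOT_FOUND
RegOpenKeyExW|HKEY_LOCAL_MACHINE\SOFTWARE\VMware, Inc.\VMware Tools|ERROR_FILE_NOT_FOUND
RegQueryValueExW|HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion|SUCCESS
RegQueryValueExW|HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Disk\Enum\0|SUCCESS
RegOpenKeyExW|HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\Outlook|SUCCESS
RegOpenKeyExW|HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|SUCCESS
"""


def parse_trace(text: str) -> List[Tuple[str, str, str]]:
    """Split trace lines into (api, key_path, result); skip malformed lines."""
    events = []
    for line in text.splitlines():
        parts = line.split("|", 2)
        if len(parts) == 3:
            events.append((parts[0], parts[1], parts[2]))
    return events


def match_signatures(text: str) -> Dict[str, List[str]]:
    """Map each triggered signature name to the key paths that triggered it."""
    hits: Dict[str, List[str]] = {}
    for _api, path, _result in parse_trace(text):
        for name, patterns in SIGNATURES.items():
            if any(re.search(p, path, re.IGNORECASE) for p in patterns):
                hits.setdefault(name, []).append(path)
    return hits


def value_reveals_vm(value: str) -> bool:
    r"""True if a Disk\Enum device ID or BIOS version string carries a
    hypervisor marker, e.g. 'IDE\DiskVBOX_HARDDISK...' on VirtualBox. An
    absent Guest Additions key proves nothing; the device ID still names
    the virtual hardware, which is why the sample reads these values."""
    upper = value.upper()
    return any(marker in upper for marker in VM_MARKERS)


if __name__ == "__main__":
    for name, paths in match_signatures(SAMPLE_TRACE).items():
        print(f"{name}: {len(paths)} key(s)")
    print(value_reveals_vm(r"IDE\DiskVBOX_HARDDISK___________________________1.0_____\5&1234&0&0.0.0"))
```

The key-path regexes are what a sandbox signature effectively is; the marker check on the returned value is what the malware does with the result, and is the part a hardened sandbox has to spoof (device IDs and BIOS strings), not just the presence of a tools key.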