General
Target: aa1c59367acc2fe60523b7d0299fb4ec70bd4562a78de4dc7fea43dff55c97e3
Size: 1002KB
Sample: 220329-w4q1sadfhr
MD5: 45245660e7e83484e772aa6cbc1ab65e
SHA1: 6d3dc8803bc22bf815000c5013a825bf8ac2285d
SHA256: aa1c59367acc2fe60523b7d0299fb4ec70bd4562a78de4dc7fea43dff55c97e3
SHA512: 1347bca45c75794d6b18be877fa711c7c9a498ac3a06ab8903b2a9e6bb3c3c7dd647d0a7cbecbd3dfa498d4a2e967595f67a83564e2f153ff38efcfb6b71d999
Static task: static1
Behavioral task: behavioral1
  Sample: aa1c59367acc2fe60523b7d0299fb4ec70bd4562a78de4dc7fea43dff55c97e3.exe
  Resource: win7-20220311-en
Behavioral task: behavioral2
  Sample: aa1c59367acc2fe60523b7d0299fb4ec70bd4562a78de4dc7fea43dff55c97e3.exe
  Resource: win10v2004-en-20220113
Malware Config
Extracted: matiex
https://api.telegram.org/[email protected]/sendMessage?chat_id=Kilimanjaro@123
Targets
Target: aa1c59367acc2fe60523b7d0299fb4ec70bd4562a78de4dc7fea43dff55c97e3
Size: 1002KB
MD5: 45245660e7e83484e772aa6cbc1ab65e
SHA1: 6d3dc8803bc22bf815000c5013a825bf8ac2285d
SHA256: aa1c59367acc2fe60523b7d0299fb4ec70bd4562a78de4dc7fea43dff55c97e3
SHA512: 1347bca45c75794d6b18be877fa711c7c9a498ac3a06ab8903b2a9e6bb3c3c7dd647d0a7cbecbd3dfa498d4a2e967595f67a83564e2f153ff38efcfb6b71d999
Score: 10/10
- Matiex Main Payload
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext