General
-
Target
a00b538eec95df8ee432d6a97aa485caaae707b47dec573d8f6943b4eaef0b26
-
Size
569KB
-
Sample
220415-plgwtscad9
-
MD5
a4cefbd7724d9941c429a57493ded1c1
-
SHA1
e24ec79da04b1b8edcb7c26f5e2bb041e2aff400
-
SHA256
a00b538eec95df8ee432d6a97aa485caaae707b47dec573d8f6943b4eaef0b26
-
SHA512
bdddd0a1716eb32ed6d055c4e506770c34cb1d0532197a2cfd3278e140da39bb18616eb800e4065409f1aea19bc8677382840edfe2b8ac56466401d10382d8f1
Static task
static1
Behavioral task
behavioral1
Sample
a00b538eec95df8ee432d6a97aa485caaae707b47dec573d8f6943b4eaef0b26.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
a00b538eec95df8ee432d6a97aa485caaae707b47dec573d8f6943b4eaef0b26.exe
Resource
win10v2004-en-20220113
Malware Config
Extracted
matiex
https://api.telegram.org/[email protected]/sendMessage?chat_id=dakar@20
Targets
-
-
Target
a00b538eec95df8ee432d6a97aa485caaae707b47dec573d8f6943b4eaef0b26
-
Size
569KB
-
MD5
a4cefbd7724d9941c429a57493ded1c1
-
SHA1
e24ec79da04b1b8edcb7c26f5e2bb041e2aff400
-
SHA256
a00b538eec95df8ee432d6a97aa485caaae707b47dec573d8f6943b4eaef0b26
-
SHA512
bdddd0a1716eb32ed6d055c4e506770c34cb1d0532197a2cfd3278e140da39bb18616eb800e4065409f1aea19bc8677382840edfe2b8ac56466401d10382d8f1
-
Matiex Main Payload
-
Meta Stealer Stealer
Meta Stealer steals passwords stored in browsers, written in C++.
-
Looks for VirtualBox Guest Additions in registry
-
Looks for VMWare Tools registry key
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-