General
Target: 23a7c274f2cc0869be588d6ab18edda7b6e6092a80d62c5c782b4f7d6a2a747a
Size: 595KB
Sample: 220420-dgcwjaeffp
MD5: 84503c47129e8677ea66a686eb18b112
SHA1: 7568eaa0efd8ee7e68c96039396389677df822da
SHA256: 23a7c274f2cc0869be588d6ab18edda7b6e6092a80d62c5c782b4f7d6a2a747a
SHA512: 5e782746c48e222c7a991e35cd53efb25c510491995df797e11187d5866b1c76a13a4503c9f1b1d08a55816747d77ec1f2a36bbcfc0c656979830e58d7060ddb
Static task: static1
Behavioral task: behavioral1
Sample: 23a7c274f2cc0869be588d6ab18edda7b6e6092a80d62c5c782b4f7d6a2a747a.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: 23a7c274f2cc0869be588d6ab18edda7b6e6092a80d62c5c782b4f7d6a2a747a.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted (matiex)
Telegram Bot API endpoint: https://api.telegram.org/bot1402180145:AAG6hmg8QGRGiHQwRXC9wKOtIEyFy3aT6ms/sendMessage?chat_id=1299507057
The URL carries the operator's bot token (the bot<id>:<secret> path segment) and the destination chat_id in cleartext, so both are recovered directly from the sample and are usable as network indicators: bot id 1402180145 and chat_id 1299507057 identify this configuration, and any host that talks to api.telegram.org with this path is running a build with the same config.
Targets
Target: 23a7c274f2cc0869be588d6ab18edda7b6e6092a80d62c5c782b4f7d6a2a747a
Score: 10/10
Signatures:
- Matiex Main Payload
- Accesses Microsoft Outlook profiles (the Outlook profile registry keys hold stored mail-account settings and passwords, a standard target for a stealer)
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP; the report does not name the service used.
- Suspicious use of SetThreadContext (typically seen when a payload is written into a suspended process and that thread's entry point is redirected into it; the report does not identify the injected target)
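The extracted config above and the external-IP-lookup signature together give a practical hunting pattern: a workstation first asks a "what is my IP" service, then POSTs to a Telegram Bot API URL that embeds the operator's token. The following is an added example written for this report, not code from the sandbox, the analyst, or the malware. It parses the Bot API URL into bot id, secret, method and chat_id, defangs it for a ticket, and runs a detection over constructed proxy log lines. The log lines, the IP-lookup host list and the second (non-Matiex) bot token are constructed assumptions; the report does not name the lookup service Matiex used, so the list is only a starting point.

```python
"""Turn the extracted Matiex config into IOCs and hunt for the same
Telegram Bot API exfil pattern in web-proxy logs.

Added example for this report; not sandbox, analyst or malware code.
The C2 URL is the one extracted above. IP_LOOKUP_HOSTS and the log
lines are constructed assumptions.
"""
import re
from datetime import datetime
from urllib.parse import urlsplit, parse_qs

MATIEX_C2_URL = ("https://api.telegram.org/bot1402180145:"
                 "AAG6hmg8QGRGiHQwRXC9wKOtIEyFy3aT6ms/sendMessage?chat_id=1299507057")

# Telegram Bot API paths are /bot<numeric id>:<secret>/<method>.
BOT_PATH_RE = re.compile(
    r"^/bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]+)/(?P<method>[A-Za-z]+)$")
# Methods that carry data out of the network (text, files, screenshots).
EXFIL_METHODS = {"sendMessage", "sendDocument", "sendPhoto"}
# Assumed list of public IP-lookup services; extend from your own telemetry.
IP_LOOKUP_HOSTS = {"api.ipify.org", "checkip.amazonaws.com", "icanhazip.com"}
SEQUENCE_WINDOW_S = 120


def parse_telegram_bot_url(url):
    """Return bot_id/secret/method/chat_id for a Bot API URL, else None."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or parts.hostname != "api.telegram.org":
        return None
    m = BOT_PATH_RE.match(parts.path)
    if m is None:
        return None
    chat_id = parse_qs(parts.query).get("chat_id", [None])[0]
    return {"bot_id": m["bot_id"], "secret": m["secret"],
            "method": m["method"], "chat_id": chat_id}


def defang(url):
    """hxxps scheme, [.] in the host, and the bot secret redacted."""
    parts = urlsplit(url)
    host = parts.hostname.replace(".", "[.]")
    path = re.sub(r"(/bot\d+:)[A-Za-z0-9_-]+", r"\1<redacted>", parts.path)
    query = f"?{parts.query}" if parts.query else ""
    return f"hxx{parts.scheme[3:]}://{host}{path}{query}"


def _parse_line(line):
    # Constructed log format: "<utc time> <client ip> <verb> <url>".
    ts, src, verb, url = line.split(maxsplit=3)
    return datetime.fromisoformat(ts.replace("Z", "+00:00")), src, verb, url


def hunt_bot_api(log_text, known=None):
    """One finding per Bot API request; flags exfil methods, the known
    Matiex bot/chat pair, and an IP lookup by the same client shortly before."""
    last_lookup = {}   # client ip -> time of its latest IP-lookup request
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, verb, url = _parse_line(line)
        if urlsplit(url).hostname in IP_LOOKUP_HOSTS:
            last_lookup[src] = ts
            continue
        info = parse_telegram_bot_url(url)
        if info is None:
            continue
        seen = last_lookup.get(src)
        findings.append({
            "ts": ts.isoformat(), "src": src, "method": info["method"],
            "exfil": info["method"] in EXFIL_METHODS,
            "known_ioc": known is not None
                and info["bot_id"] == known["bot_id"]
                and info["chat_id"] == known["chat_id"],
            "ip_lookup_first": seen is not None
                and 0 <= (ts - seen).total_seconds() <= SEQUENCE_WINDOW_S,
            "ioc": defang(url),
        })
    return findings


# Constructed sample proxy log; the second bot token is made up.
SAMPLE_PROXY_LOG = """\
2022-04-20T10:00:01Z 10.0.0.5 GET https://api.ipify.org/
2022-04-20T10:00:03Z 10.0.0.5 POST https://api.telegram.org/bot1402180145:AAG6hmg8QGRGiHQwRXC9wKOtIEyFy3aT6ms/sendMessage?chat_id=1299507057
2022-04-20T10:00:04Z 10.0.0.7 GET https://www.microsoft.com/
2022-04-20T10:30:00Z 10.0.0.9 GET https://api.telegram.org/bot987654321:CONSTRUCTEDtokenValue000/getUpdates
"""

if __name__ == "__main__":
    for finding in hunt_bot_api(SAMPLE_PROXY_LOG, parse_telegram_bot_url(MATIEX_C2_URL)):
        print(finding)
```

Any Bot API call from an end-user workstation is worth a look on its own, since desktop and mobile Telegram clients do not use the `/bot<id>:<secret>/` HTTPS endpoint; the `known_ioc` and `ip_lookup_first` flags just rank the hits. Rotating the defanged IOC into a proxy block list is safe, but blocking api.telegram.org outright will also break legitimate Telegram use, so match on the path, not the host.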