General
-
Target
f4b29519255e0d839cac6027463fc12016f0f94faa2c201901f516489ec9a0ef
-
Size
995KB
-
Sample
220501-3twa3segd4
-
MD5
05a8fd3356cef3603e257335d54b1804
-
SHA1
beea500b48ec4702359a2c7973fb0d29aecead28
-
SHA256
f4b29519255e0d839cac6027463fc12016f0f94faa2c201901f516489ec9a0ef
-
SHA512
4b4885209ec3b1d7dbcf6618cbbadd35eeede391cbd08fc0792166632fe320d8e9632437a85613c008703f700b41abeb18a575136c68a72cd3b56bce8b279870
Static task
static1
Behavioral task
behavioral1
Sample
f4b29519255e0d839cac6027463fc12016f0f94faa2c201901f516489ec9a0ef.exe
Resource
win7-20220414-en
Malware Config
Extracted
matiex
https://api.telegram.org/bot1329208090:AAED2kwCe6Uq4WmAg--eYiyQfDEc5qPX0D4/sendMessage?chat_id=1299117268
Targets
-
-
Target
f4b29519255e0d839cac6027463fc12016f0f94faa2c201901f516489ec9a0ef
-
Score
10/10
-
Matiex Main Payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-