General
-
Target
0127b631f8153cab11f6e747068acd58681a796de0e2e02384b2860fe290ecd8
-
Size
207KB
-
Sample
220503-scqzxsccam
-
MD5
320a9f6f760b86523b0a1c001a6ed0ed
-
SHA1
a999e25f9d5c756c65ae764e65992b2c388275f7
-
SHA256
0127b631f8153cab11f6e747068acd58681a796de0e2e02384b2860fe290ecd8
-
SHA512
2e4ee5836e8de0161d440b414812c2abc9a159d67ae177bb4bfd593ef2bd710a9b03b6716b457f40f7ffb7e80e80eb8413095bac185b9071cf8785bfb26cb73f
Static task
static1
Behavioral task
behavioral1
Sample
46.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
46.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
matiex
https://api.telegram.org/bot1395392888:AAFrJovDdZICOFB0gX0eGWrAUzEKCRpv8xo/sendMessage?chat_id=1300181783
Targets
-
Target
46.exe
-
Size
614KB
-
MD5
cc40d2d6a71943c5712838d6a70a0180
-
SHA1
64395b42fd6dfe0963715d4ac74735f2a652fa98
-
SHA256
51b38eda3fdba167788761800c8fe3d37882f4a0cebf94d2847809c00cd8459e
-
SHA512
e0ad4c63a7b83f685d81ea6bf1d5b833f1b876ffa9aef2b570ed028bd47b49f03bbaf2d3d63043182b880d2b1d3354a772438301f958e1d14fca1393119b85f9
Score
10/10
-
Matiex Main Payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-