General

Target: a9f6f4a036a29fa164f0f74cef5fb57171ad599e04ec25b02a78c59cdcdecdd3
Size: 216KB
Sample: 220503-y3deeabgc8
MD5: d7b54b65df1fdbcc8dabdb642e3d6110
SHA1: 02eaa6af47414a82d733372e540dc41157bb59a4
SHA256: a9f6f4a036a29fa164f0f74cef5fb57171ad599e04ec25b02a78c59cdcdecdd3
SHA512: baf3b74e1d7d5149e3b5bceecb59adbd8c327bb49f75fafe0896b1e8d8c7c9dd8d58a49c058c20503f017e0542a076880280b1b01e92d003bce1b252d25cc47a
Static task: static1

Behavioral task: behavioral1
Sample: 4797508E2-20F2-42C-879A-1C35.exe
Resource: win7-20220414-en

Behavioral task: behavioral2
Sample: 4797508E2-20F2-42C-879A-1C35.exe
Resource: win10v2004-20220414-en
Malware Config

Extracted family: matiex
Exfiltration endpoint (Telegram Bot API sendMessage call; bot id 1395392888, chat_id 1300181783):
https://api.telegram.org/bot1395392888:AAFrJovDdZICOFB0gX0eGWrAUzEKCRpv8xo/sendMessage?chat_id=1300181783
Targets

Target: 4797508E2-20F2-42C-879A-1C35.exe
Size: 628KB
MD5: 6a44a7c90b737edd4143bd8332a61f11
SHA1: f9b37b7558a73bee19865141964687c53d3808db
SHA256: bc3d62c45c60396f1896ca688f72acc91af5412bedd3d1c7ec3f6b1e3891f198
SHA512: 319ef283cce7d0a0c30d5c8a72c701bdcbe1a311a51b0b411710a2e56e191283e430a6082c907cccffcd95cc5a26761c8d4eeae6ac6d424c38d80a1e41d6cb6d
Score: 10/10

Signatures
- Matiex Main Payload
- Accesses Microsoft Outlook profiles
  Reads the Outlook profile data under the user's registry hive, where stored mail account settings and saved credentials live; the usual first step of mail-credential theft.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP, typically so the victim's public address can be reported alongside stolen data.
- Suspicious use of SetThreadContext
  Setting the thread context of another process (normally a suspended child whose image has already been overwritten) is the final step of process hollowing. It is a strong injection indicator, but on its own it is not proof of it.
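The extracted config above and the "looks up external IP" signature together give a network-side detection opportunity: the sample beacons to an external-IP lookup service and then posts to a Telegram Bot API sendMessage endpoint. The following is an added example, not code from the sandbox report or from the Matiex authors. It parses the report's Telegram URL into pivotable IOCs (bot id, token, chat_id) and runs a small hunt over a constructed proxy log. The log format, the list of IP-lookup hosts and the 60-second correlation window are assumptions made for the example; only the Telegram URL and the target file name come from the report.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Exfiltration URL taken from the report's extracted Matiex config.
MATIEX_C2 = ("https://api.telegram.org/bot1395392888:AAFrJovDdZICOFB0gX0eGWrAUzEKCRpv8xo"
             "/sendMessage?chat_id=1300181783")

# Telegram Bot API calls have the form /bot<numeric id>:<secret>/<method>.
BOT_PATH_RE = re.compile(
    r"^/bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]{30,})/(?P<method>[A-Za-z]+)/?$")


def parse_telegram_c2(url):
    """Split a Telegram Bot API URL into pivotable IOCs; None if it is not one."""
    u = urlsplit(url)
    if u.scheme != "https" or u.netloc.lower() != "api.telegram.org":
        return None
    m = BOT_PATH_RE.match(u.path)
    if not m:
        return None
    chat = parse_qs(u.query).get("chat_id", [None])[0]
    return {
        "bot_id": m.group("bot_id"),
        "token": f"{m.group('bot_id')}:{m.group('secret')}",
        "method": m.group("method"),
        "chat_id": chat,
    }


# IOCs from the report's config: the bot and chat the sample reports to.
KNOWN = parse_telegram_c2(MATIEX_C2)

# Hosts commonly used for external-IP lookups. This list is an assumption for the
# example, not something the report states.
IP_LOOKUP_HOSTS = {"api.ipify.org", "icanhazip.com", "ifconfig.me",
                   "ipinfo.io", "checkip.amazonaws.com", "ip-api.com"}

# Constructed proxy log (not from the report): "<epoch> <host> <process> <method> <url>".
SAMPLE_LOG = """\
1651600001 WS01 chrome.exe GET https://www.google.com/
1651600010 WS01 4797508E2-20F2-42C-879A-1C35.exe GET https://api.ipify.org/
1651600012 WS01 4797508E2-20F2-42C-879A-1C35.exe POST https://api.telegram.org/bot1395392888:AAFrJovDdZICOFB0gX0eGWrAUzEKCRpv8xo/sendMessage?chat_id=1300181783
1651600100 WS02 python.exe POST https://api.telegram.org/bot1234567890:AAHdqTcvCH1vGWJxfSeofSAs0K5PALDsawX/getUpdates
1651600200 WS03 curl.exe GET https://ifconfig.me/
"""


def scan_proxy_log(text, window=60):
    """Flag Telegram Bot API traffic that matches the extracted config, or a
    sendMessage call shortly after an external-IP lookup from the same host
    (the lookup-then-exfiltrate sequence the sandbox signatures describe)."""
    alerts = []
    last_lookup = {}  # host -> epoch of its most recent external-IP lookup
    for line in text.splitlines():
        ts, host, proc, method, url = line.split(" ", 4)
        ts = int(ts)
        if urlsplit(url).netloc.lower() in IP_LOOKUP_HOSTS:
            last_lookup[host] = ts
            continue
        c2 = parse_telegram_c2(url)
        if c2 is None:
            continue
        reasons = []
        if c2["bot_id"] == KNOWN["bot_id"] or c2["chat_id"] == KNOWN["chat_id"]:
            reasons.append("matches extracted Matiex config")
        if (c2["method"] == "sendMessage"
                and host in last_lookup and ts - last_lookup[host] <= window):
            reasons.append("sendMessage within %ds of external IP lookup" % window)
        if reasons:
            alerts.append({"ts": ts, "host": host, "process": proc,
                           "token": c2["token"], "reasons": reasons})
    return alerts


if __name__ == "__main__":
    for alert in scan_proxy_log(SAMPLE_LOG):
        print(alert)
```

Only the WS01 sequence is flagged: the in-house bot on WS02 polls getUpdates with a different bot id and no preceding lookup, and the lone lookup on WS03 is not followed by any Telegram call. The bot id and chat_id are the durable IOCs here; the secret part of the token can be rotated by the operator, so match on the numeric id and on the sequence rather than on the full token alone.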