General
Target: 8b899e8cbf23c5463bf7aaadf1b161298b96c260a7f87b3376142424237fcae3
Size: 502KB
Sample: 220503-zjbxxacbh8
MD5: e50d6473f8216eef84d2588748685546
SHA1: f13f322d8a2fc2b0594343147cefc7057ffd482e
SHA256: 8b899e8cbf23c5463bf7aaadf1b161298b96c260a7f87b3376142424237fcae3
SHA512: a4f692a3ed9ea212cc34dc6ba0aa7c2322e19012f58b406c944eaf422b3f2c1caf459ada5ad7e82f6d9cf17b85adbe2d00600784b244e91e29c722639ee22b44
Static task: static1
Behavioral task: behavioral1
Sample: gsxp5mkd0ACsDub.exe
Resource: win7-20220414-en
Malware Config
Extracted: matiex
https://api.telegram.org/bot1395392888:AAFrJovDdZICOFB0gX0eGWrAUzEKCRpv8xo/sendMessage?chat_id=1300181783
Targets
Target: gsxp5mkd0ACsDub.exe
Size: 949KB
MD5: ac9577cdc33e7cf5cd3193d9a02b5ee6
SHA1: 3ca264ffe003d0a1c3b196169ed5cf672b3b1794
SHA256: e1f6a0b698c957d92bc86fdaf9add81405fc26c716f691fb34148485a93de97c
SHA512: 0f9b55ff971e618a53f2366f2a2dc7236ef513dffd561e0e0eb97c3166a738ae754ad9ea83e9d8803639c91f8bc8b90a843ca1a6fb854c7b8b978e88edb3e54a
- Matiex Main Payload
- Looks for VirtualBox Guest Additions in registry
- Looks for VMWare Tools registry key
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext