General
Target: e9b3b04a100743999604de3bac9da0c68b624799d6a368ee36f9dd788f47f5b5
Size: 1.2MB
Sample: 220520-rggrdaffc9
MD5: ec3b3a6e4797d144c8d57560f58a5492
SHA1: 1936dcce02974b80d8913df1c83abe7d232c6e4e
SHA256: e9b3b04a100743999604de3bac9da0c68b624799d6a368ee36f9dd788f47f5b5
SHA512: ef42248c7bd65ce226601ad7dcf8b69f9e32416eac2755601473820b66013b0a9894a5110a7d7d47c2eb55662317538659533869db5e9afe11fdbc10677a1bd7
Static task: static1
Behavioral task: behavioral1
Sample: BOSSSMAN.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: BOSSSMAN.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
matiex
https://api.telegram.org/bot1349136320:AAF_leU6IwK-rjQSNBBUahnIxBl79Wj_x7E/sendMessage?chat_id=1097126233
Targets
Target: BOSSSMAN.EXE
Size: 644KB
MD5: 4f338356047edd4cb0539e2cf2f578c4
SHA1: 7b3e3d83ab3a18c4a5b83fc81c974356a483b2dd
SHA256: 94d2d1aeebeff231fe2536de9f0d7eb42f80686b30ee6a54e3019670f381b943
SHA512: 569bfd7374f6ac810d1d99c1a67695a0fe39fdf7ee703e007368aee7614dc7032c5745c0a52af8c5b1307b0f0a793464a89030e9fd0ec9f6e1c20da516850225
Score: 10/10
Matiex Main Payload
Accesses Microsoft Outlook profiles
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext