General
Target: 36a301b3b91f34a31803fcf6954a083196d1d2d59a21a532f43ca003e294af38
Size: 242KB
Sample: 220521-b6nm8adag7
MD5: 2065819d2482bcac4b2c20ddeaa55836
SHA1: 153b5b4800216d805ef488fbc2e1ba8dc46ac8b6
SHA256: 36a301b3b91f34a31803fcf6954a083196d1d2d59a21a532f43ca003e294af38
SHA512: b61baf598dc9c1f1da191af0732c2271b1e34949808b32da90697d146110e87a8923c0353ee3cc6c8343ecb031e60d26e94ba0471364ada922f76e5b6a6ef844
Static task: static1
Behavioral task: behavioral1
  Sample: WINDOW-DEFENDER_update.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: WINDOW-DEFENDER_update.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted family: matiex
Extracted endpoint: https://api.telegram.org/bot1216271892:AAEn1Tw6TUedDgDlack_UbEaK5yRAySruSY/sendMessage?chat_id=1318177442
The extracted configuration is a Telegram Bot API sendMessage URL: the path carries the bot ID and bot token, and the chat_id query parameter names the operator's chat that receives the stolen data. The bot ID, token and chat_id are the actionable indicators here; the host api.telegram.org alone is not, since it is shared with legitimate Telegram bot traffic.
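Because the exfiltration channel is a legitimate public API, a plain domain block or domain-based alert for api.telegram.org is noisy; the useful signal is the bot token and chat_id in the URL path and query. The following is an added example, not part of the sandbox report or of the Matiex sample: it parses Telegram Bot API URLs into their components and runs that parser over a few constructed proxy log lines (timestamp, client IP, HTTP method, URL, status), including the endpoint extracted above. The log format and the non-matching lines are assumptions made for the example.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Telegram Bot API paths look like /bot<bot_id>:<token>/<method>.
# Tokens are base64url-style (letters, digits, underscore, hyphen).
TELEGRAM_BOT_PATH = re.compile(
    r"^/bot(?P<bot_id>\d+):(?P<token>[A-Za-z0-9_-]+)/(?P<method>[A-Za-z]+)$"
)


def parse_telegram_bot_url(url):
    """Return bot_id, token, method and chat_id for a Telegram Bot API
    URL, or None if the URL is not a bot API call."""
    parts = urlsplit(url)
    if parts.scheme != "https" or parts.hostname != "api.telegram.org":
        return None
    match = TELEGRAM_BOT_PATH.match(parts.path)
    if not match:
        return None
    query = parse_qs(parts.query)
    return {
        "bot_id": match["bot_id"],
        "token": match["token"],
        "method": match["method"],
        "chat_id": query.get("chat_id", [None])[0],
    }


def redact_token(token, keep=4):
    """Keep only a short prefix so the indicator can be shared without
    handing out a working credential for the attacker's bot."""
    return token[:keep] + "..." if len(token) > keep else token


def scan_proxy_log(lines):
    """Yield one hit per log line whose URL is a Telegram Bot API call.
    Assumed line layout: <timestamp> <client_ip> <method> <url> <status>."""
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) < 5:
            continue  # malformed line; skip rather than guess
        parsed = parse_telegram_bot_url(fields[3])
        if parsed is None:
            continue
        hits.append({
            "timestamp": fields[0],
            "client_ip": fields[1],
            "http_method": fields[2],
            "bot_id": parsed["bot_id"],
            "token_redacted": redact_token(parsed["token"]),
            "api_method": parsed["method"],
            "chat_id": parsed["chat_id"],
        })
    return hits


# Constructed sample log. Line 1 reuses the endpoint from the extracted
# config above; the other lines are invented benign traffic.
SAMPLE_PROXY_LOG = [
    "2022-05-21T10:12:03Z 10.0.0.15 POST "
    "https://api.telegram.org/bot1216271892:AAEn1Tw6TUedDgDlack_UbEaK5yRAySruSY/sendMessage?chat_id=1318177442 200",
    "2022-05-21T10:12:04Z 10.0.0.15 GET https://api.telegram.org/ 200",
    "2022-05-21T10:12:05Z 10.0.0.22 GET https://www.example.com/index.html 200",
    "malformed line",
]

if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_PROXY_LOG):
        print(hit)
```

Matching on the path shape rather than on the specific token means the same scan also surfaces other bots used from the network, which can then be triaged against an allow-list of bots the organisation actually operates. Keep the unredacted token out of tickets and shared IOC lists; it is a live credential for the attacker's bot.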
Targets
Target: WINDOW-DEFENDER_update.exe
Size: 297KB
MD5: 442f5757df84d4f7f7fb1d7ea822feb9
SHA1: 8ea3a6ef71a980a5c530d3d20b875e795dbdda73
SHA256: f1932e7fd5027c22bcc2f2796a2916d3089e70863ccf8c9ca40af01cdf34206f
SHA512: 3e64ebf4fcff483a90f411eb9a49179f859f9fc9bcb64f63f753777bd62c9e2383a6ad949f4baa479087f7970e02c0218ef09bdf1b0c6ba67b58f8b2a72bc026
Note that the analysed executable (297KB, SHA256 f1932e7f...) is a different file from the submitted object listed under General (242KB, SHA256 36a301b3...), so both hash sets are needed when hunting for this sample. The file name imitates a Windows Defender update.
Score: 10/10

Matiex Main Payload
Accesses Microsoft Outlook profiles
Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP. Because the service itself is benign, this lookup is a supporting behaviour, not an indicator on its own.
Suspicious use of SetThreadContext: setting the context of a thread in another process is the step process-hollowing and similar injection techniques use to redirect that thread's execution into code the malware has written.