General
-
Target
28a9b97d2fe877db717765b1370bf505
-
Size
791KB
-
Sample
231231-fck3fsgcc2
-
MD5
28a9b97d2fe877db717765b1370bf505
-
SHA1
b3381f7e44a4449332b602c5d4a40656575e3305
-
SHA256
0d299a6d58a64c85f7ecad8788c760a802dac518532447381f4fd1ad2f422068
-
SHA512
b779ccac3a3c2b7094ff114e83e60bc07c0c0e29b720952cc704baf44599a7436999c39ac1d73f6b29ea98bd1e897fe879c27ecfe3ac5758ba3c9f931266416f
-
SSDEEP
12288:GEok+AOmFJbSBKiO6U8amEtwyaHgT7CTgVbPfOvWmJqXw12ZuH1th1Vul19KAzeZ:kEigvKIo0K
Static task
static1
Behavioral task
behavioral1
Sample
28a9b97d2fe877db717765b1370bf505.exe
Resource
win7-20231215-en
Malware Config
Extracted
matiex
https://api.telegram.org/bot1395392888:AAFrJovDdZICOFB0gX0eGWrAUzEKCRpv8xo/sendMessage?chat_id=1300181783
Targets
-
-
Target
28a9b97d2fe877db717765b1370bf505
-
Size
791KB
-
MD5
28a9b97d2fe877db717765b1370bf505
-
SHA1
b3381f7e44a4449332b602c5d4a40656575e3305
-
SHA256
0d299a6d58a64c85f7ecad8788c760a802dac518532447381f4fd1ad2f422068
-
SHA512
b779ccac3a3c2b7094ff114e83e60bc07c0c0e29b720952cc704baf44599a7436999c39ac1d73f6b29ea98bd1e897fe879c27ecfe3ac5758ba3c9f931266416f
-
SSDEEP
12288:GEok+AOmFJbSBKiO6U8amEtwyaHgT7CTgVbPfOvWmJqXw12ZuH1th1Vul19KAzeZ:kEigvKIo0K
-
Detect ZGRat V1
-
Matiex Main payload
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-