General
-
Target
PURCHASE ORDER 1.rar
-
Size
366KB
-
Sample
201116-v2h2b2ntmj
-
MD5
5cd64c49b4fa8c75e33e0eac633b1929
-
SHA1
a4b704ef19242e8f70f8c331bcea6d4b0e263cbc
-
SHA256
65522c342f0cd2781c90a3cb7176342ee51106250c77d64718708ab78922c742
-
SHA512
fd65fa657c4b9b3f18a621d7f56858fce6145c293df981f748273642570b6f097b310868f1480ef16add9ef34e3ec43d25e964c7d419cf75ef1652852ae2f237
Malware Config
Extracted
matiex
https://api.telegram.org/bot1446233835:AAFUBfbUnZ7JJIYwfK1VPiEf9YSnzaCuLXc/sendMessage?chat_id=1430605258
Targets
-
-
Target
PURCHASE ORDER (2).exe
-
Size
439KB
-
MD5
19171693b2069fc88260970235109256
-
SHA1
b4df7ddbb61980ae5f4e2712590a458e996b8be4
-
SHA256
4e7ee141bae54178faf8f656c6f01ac44a7d39bd0ac21f9193ce51a8b12d8252
-
SHA512
dbd535a6899eb6b6abaf31fc053762d9ac428aeb797ee686f54e1a06601330a03a9416f05a68fda95aac75d8dcfc05acdf2d07b9db47cb1b6748ee769eb262c0
Score10/10-
Matiex
Matiex is a keylogger and infostealer first seen in July 2020.
-
Matiex Main Payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-