General
-
Target
sample-326259-9a44b1b88e13eb4719e1bf1d416c3c5d.zip
-
Size
739KB
-
Sample
201205-8e331y1gb6
-
MD5
ed1b4adc71b7f2756f43e26b939f0b5d
-
SHA1
b4b55b0d65b3abf5c9ee4b4d19c2abfffd998ce8
-
SHA256
24cb7ddefda210a0ec3e8e4aea6ea96397ae4a55200fc08d2a737272c2c102c3
-
SHA512
e65381150125f2397589c174c3921c1e7e60fc5ab269abcf1f84c8a34312ee44c070dc80dd7994e868c68f21ecd2b274bff04fdfda76d396b71b1c65a08e98d9
Malware Config
Extracted
matiex
https://api.telegram.org/bot1379319539:AAFQ7f96r1-8ijh6-Hym9Weh67R1ZdDQt0g/sendMessage?chat_id=1472166686
Targets
-
-
Target
Quote.exe
-
Size
887KB
-
MD5
9a44b1b88e13eb4719e1bf1d416c3c5d
-
SHA1
1bb55c3f3a34b79cd2753d14e7d1b2e34a861e4f
-
SHA256
0d74ff32725b829a6af1658c2228c4990a39f310c0c48dea01c8ac467840453f
-
SHA512
53341ecb3e83186dc109af3e936c0a166b0ed4d3cd6a7c20d9f786330cfb9953ea300a04f46cfe725c3b581bea00a6e84c49d9472ab900bd9fb847ca99bcb8f8
Score10/10-
Matiex
Matiex is a keylogger and infostealer first seen in July 2020.
-
Matiex Main Payload
-
Looks for VirtualBox Guest Additions in registry
-
Looks for VMWare Tools registry key
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Drops startup file
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-