General

  • Target: sample-321929-136a6ad7a793382286ba689d1c351cf7.zip
  • Size: 879KB
  • Sample: 201205-hnwt92fel6
  • MD5: cdf88f0ada03ad17bdcb4310c80ab141
  • SHA1: 11f171aaa49d6d208fd409b0720fde44c7d5730e
  • SHA256: 7158c2ece09b5059a43e7609391eaa8cb4c9d383351f0129da5dea7fe1864580
  • SHA512: e1b9591b2a3399301f2e1fc5249e3eca9395476d2257246917d954cd4b54c386abea3a7eac4342903e4022d5c5492380ed1a3d3781ab3b263f67966c100de0c6

Malware Config

Extracted

  • Family: matiex
  • Credentials
    • Protocol: smtp
    • Host: ckfashion.shop
    • Port: 26
    • Username: matiex@ckfashion.shop
    • Password: 123Mat+++

Targets

    • Target: IRS NOTICE LETTER.exe
    • Size: 1.1MB
    • MD5: 136a6ad7a793382286ba689d1c351cf7
    • SHA1: 4b290df02b03f0d59cadfcf8d68ea2ce8e66b32c
    • SHA256: 96428b7e2055ef7939a3ee5c4e694e2031848e26da110fd82eac33c4081564ee
    • SHA512: 014c7bf75c1ea0ff0fff73ed5dda0055fcde616a789f0d61945b903455189289ac936cdf87d41be538309e800786711454f69fb0cef79d52af4d38fe2e7b2317

    • Matiex
      Matiex is a keylogger and infostealer first seen in July 2020.
    • Matiex Main Payload
    • Reads data files stored by FTP clients
      Tries to access configuration files associated with programs like FileZilla.
    • Reads user/profile data of local email clients
      Email clients store some user data on disk, where infostealers often target it.
    • Reads user/profile data of web browsers
      Infostealers often target stored browser data, which can include saved credentials.
    • Looks up external IP address via web service
      Uses a legitimate IP lookup service to find the infected system's external IP.
    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic                Technique                       ID      Signatures
  Execution             Scheduled Task                  T1053   1
  Persistence           Scheduled Task                  T1053   1
  Privilege Escalation  Scheduled Task                  T1053   1
  Credential Access     Credentials in Files            T1081   3
  Discovery             System Information Discovery    T1082   1
  Collection            Data from Local System          T1005   3
