General
-
Target
purchase.exe
-
Size
523KB
-
Sample
201221-56gvn59242
-
MD5
4f0f5333176758254faf1b18a35ea925
-
SHA1
355e93fb50fb7d67e844bfe408462828b96f2565
-
SHA256
79a907e747dc5b0a4d2594b3365aa71f26b636380b06db8f257ef4ec47b4555f
-
SHA512
a85fb4c8af2585bc2e1bd47f323e151e04caec6926af76af67bb031db5b2abc60ffcfc85e2ff962461586e957fa08181dfe1107e54ba6973bdea2df730f6410d
Malware Config
Extracted
matiex
https://api.telegram.org/bot1336613640:AAGGq5LL3mwkNVhiwT8GF2n6V8PUAYwnbxI/sendMessage?chat_id=820431583
Targets
-
-
Target
purchase.exe
-
Size
523KB
-
MD5
4f0f5333176758254faf1b18a35ea925
-
SHA1
355e93fb50fb7d67e844bfe408462828b96f2565
-
SHA256
79a907e747dc5b0a4d2594b3365aa71f26b636380b06db8f257ef4ec47b4555f
-
SHA512
a85fb4c8af2585bc2e1bd47f323e151e04caec6926af76af67bb031db5b2abc60ffcfc85e2ff962461586e957fa08181dfe1107e54ba6973bdea2df730f6410d
Score10/10-
Matiex
Matiex is a keylogger and infostealer first seen in July 2020.
-
Matiex Main Payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-