General

  • Target

    ae7df639d022f1b5c905da288b7b96ec.exe

  • Size

    796KB

  • Sample

    210106-58v9pn9pse

  • MD5

    ae7df639d022f1b5c905da288b7b96ec

  • SHA1

    33ed97231b65d0c7388de55ff262f6c778b0e144

  • SHA256

    5267ff61c4ea8ae53b6c1566e90464e062db1f16704d04c4d1f6653e0a3ccc95

  • SHA512

    f3272dff37fae2e28e05d06d8e39da8c7f4b6f0f80af57a3c84f225c6259580e3a0a7356cdd81d966d059946487b03d1ee417f91fda228720e46cf51e5c8b7b0

Malware Config

Extracted

Family

matiex

Credentials

  • Protocol:
    smtp
  • Host:
    mail.metauxsud.com
  • Port:
    587
  • Username:
    mtoks@metauxsud.com
  • Password:
    Tx$6#dMqO7up

Targets

    • Target

      ae7df639d022f1b5c905da288b7b96ec.exe

    • Size

      796KB

    • MD5

      ae7df639d022f1b5c905da288b7b96ec

    • SHA1

      33ed97231b65d0c7388de55ff262f6c778b0e144

    • SHA256

      5267ff61c4ea8ae53b6c1566e90464e062db1f16704d04c4d1f6653e0a3ccc95

    • SHA512

      f3272dff37fae2e28e05d06d8e39da8c7f4b6f0f80af57a3c84f225c6259580e3a0a7356cdd81d966d059946487b03d1ee417f91fda228720e46cf51e5c8b7b0

    • Matiex

      Matiex is a keylogger and infostealer first seen in July 2020.

    • Matiex Main Payload

    • Deletes itself

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Credential Access

Credentials in Files

2
T1081

Discovery

System Information Discovery

1
T1082

Collection

Data from Local System

2
T1005

Tasks