General
-
Target
wCRnCAMZ3yT8BQ2.exe
-
Size
938KB
-
Sample
210112-shwkgn65vs
-
MD5
2363f93331fc792ae9cb5750043bdc89
-
SHA1
2fc0b7b4106a28ffe7f63f36ff64fe045e8f7daa
-
SHA256
08c29dfa0ccb747751c5ff3ccde88f7f8a5a87152121f75f60a886b14e86bf00
-
SHA512
a4a47c39e03c22844725b51ffd56f3ae01e9095733e8442eaba1fcf0e3a0e1edb127a6bf4b5ab8063614829db27919dea5a0e62f9e7d320e625fc498a603ad3e
Malware Config
Extracted
matiex
Protocol: smtp- Host:
smtp.privateemail.com - Port:
587 - Username:
sales01@seedwellresources.xyz - Password:
MARYolanmauluogwo@ever
Targets
-
-
Target
wCRnCAMZ3yT8BQ2.exe
-
Size
938KB
-
MD5
2363f93331fc792ae9cb5750043bdc89
-
SHA1
2fc0b7b4106a28ffe7f63f36ff64fe045e8f7daa
-
SHA256
08c29dfa0ccb747751c5ff3ccde88f7f8a5a87152121f75f60a886b14e86bf00
-
SHA512
a4a47c39e03c22844725b51ffd56f3ae01e9095733e8442eaba1fcf0e3a0e1edb127a6bf4b5ab8063614829db27919dea5a0e62f9e7d320e625fc498a603ad3e
Score10/10-
Matiex
Matiex is a keylogger and infostealer first seen in July 2020.
-
Matiex Main Payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-