General

  • Target

    Payment Notification.exe

  • Size

    1.0MB

  • Sample

    210114-bchnyt3frs

  • MD5

    22d61a1e0f48b05fec1a4cf9da160b16

  • SHA1

    68826094caeffc43d24ddf0d2ad1c6ed5e961272

  • SHA256

    78f08071af81517d374179110b8018fce8d6670abd110ab76fdf811a08761ad4

  • SHA512

    760c4b4b9fdc3fca93129a0bc973e27bbe8e9d696baae51509a70dc8a8f0fc1ad8a1fa5801c9f21cacfea66bc728de1102f868d1a348fde1350f42d337d2df5d

Malware Config

Extracted

Family

matiex

Credentials

  • Protocol:
    smtp
  • Host:
    mail.revistaeducar.com.ar
  • Port:
    25
  • Username:
    smtp-1a2c5@revistaeducar.com.ar
  • Password:
    somchai#3774

The account above is the sample's outbound channel: this Matiex build reports captured data by e-mail, and the host, username and password are embedded in the binary, which is how the sandbox recovered them. The mail server sits on a third-party domain that is most likely an abused hosting account, so treat the mailbox and the connection pattern (plaintext SMTP to this host on port 25 from a workstation) as the indicators rather than the domain itself.

Targets

    • Target

      Payment Notification.exe

    • Size

      1.0MB

    • MD5

      22d61a1e0f48b05fec1a4cf9da160b16

    • SHA1

      68826094caeffc43d24ddf0d2ad1c6ed5e961272

    • SHA256

      78f08071af81517d374179110b8018fce8d6670abd110ab76fdf811a08761ad4

    • SHA512

      760c4b4b9fdc3fca93129a0bc973e27bbe8e9d696baae51509a70dc8a8f0fc1ad8a1fa5801c9f21cacfea66bc728de1102f868d1a348fde1350f42d337d2df5d

    • Matiex

      Matiex is a keylogger and infostealer first seen in July 2020. The SMTP credentials in the extracted config are its exfiltration channel.

    • Matiex Main Payload

      The Matiex family signature matched the sample's main (unpacked) payload, not only the outer dropper.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP. The lookup itself is benign traffic; it is only a useful detection in sequence with the SMTP exfiltration that follows it.

    • Suspicious use of SetThreadContext

      SetThreadContext on a thread of another process is the usual last step of process hollowing: a suspended copy of a legitimate process is overwritten with the payload and its entry point redirected before the thread resumes. Together with the in-memory payload match, this indicates the stealer most likely runs inside a hollowed host process rather than as Payment Notification.exe itself.
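The indicators in this report (file hashes, the extracted SMTP account, the IP-lookup-then-mail-out behaviour and the scheduled-task technique) are turned into a small detector below. This is an added example, not part of the sandbox report or of the Matiex analysis; the telemetry format, its field names, the host names and the placeholder IP-lookup domain are assumptions, and the event records are constructed for the demonstration.

```python
"""
Added example, not part of the sandbox report: the report's indicators turned
into a small detector. It (1) checks a file's digests against the listed
hashes and (2) runs a behaviour chain over endpoint telemetry: an external-IP
lookup followed within a few minutes by SMTP to the extracted exfiltration
mailbox, and scheduled-task creation (T1053) by the sample's file name.
The telemetry format, field names and the IP-lookup domain are assumptions.
"""
import hashlib
from datetime import datetime, timedelta

# Digests exactly as listed in the report.
IOC_HASHES = {
    "md5": "22d61a1e0f48b05fec1a4cf9da160b16",
    "sha1": "68826094caeffc43d24ddf0d2ad1c6ed5e961272",
    "sha256": "78f08071af81517d374179110b8018fce8d6670abd110ab76fdf811a08761ad4",
    "sha512": "760c4b4b9fdc3fca93129a0bc973e27bbe8e9d696baae51509a70dc8a8f0fc1ad8a1fa5801c9f21cacfea66bc728de1102f868d1a348fde1350f42d337d2df5d",
}

# Exfiltration account from the extracted Matiex config.
EXFIL_HOST = "mail.revistaeducar.com.ar"
EXFIL_PORT = 25
EXFIL_USER = "smtp-1a2c5@revistaeducar.com.ar"
SAMPLE_NAME = "payment notification.exe"

# The report does not say which IP-lookup service is used; placeholder domain
# (assumption) to be replaced with the services seen in your own telemetry.
IP_LOOKUP_HOSTS = {"ip-lookup.example"}


def hash_matches(data: bytes, iocs=IOC_HASHES) -> list:
    """Names of the algorithms whose digest of `data` equals the listed IOC."""
    return sorted(algo for algo, digest in iocs.items()
                  if hashlib.new(algo, data).hexdigest() == digest)


def detect(events, window=timedelta(minutes=5)) -> dict:
    """Map each endpoint that shows Matiex-like behaviour to its reasons.

    `events` are dicts with at least host, ts (datetime) and kind; other fields
    depend on kind (dns: query; smtp: dst, dport, user; task_create: image, task).
    """
    by_host = {}
    for ev in sorted(events, key=lambda e: e["ts"]):
        by_host.setdefault(ev["host"], []).append(ev)

    findings = {}
    for host, evs in by_host.items():
        reasons = []
        # Timestamps of external-IP lookups; benign on their own.
        lookups = [e["ts"] for e in evs
                   if e["kind"] == "dns" and e["query"] in IP_LOOKUP_HOSTS]
        for e in evs:
            if e["kind"] == "smtp" and e["dst"] == EXFIL_HOST and e["dport"] == EXFIL_PORT:
                reasons.append("SMTP session to the extracted exfiltration host")
                if e.get("user") == EXFIL_USER:
                    reasons.append("SMTP AUTH with the extracted username")
                # The report's behaviour chain: IP lookup, then mail-out.
                if any(timedelta(0) <= e["ts"] - t <= window for t in lookups):
                    reasons.append("external-IP lookup shortly before SMTP (Matiex chain)")
            elif e["kind"] == "task_create" and e["image"].lower().endswith(SAMPLE_NAME):
                reasons.append(f"scheduled task {e['task']!r} created by the sample (T1053)")
        if reasons:
            findings[host] = reasons
    return findings


# Constructed telemetry (not from the report): one infected workstation and
# one that only performed a benign IP lookup and normal mail submission.
T0 = datetime(2021, 1, 14, 9, 0, 0)
CONSTRUCTED_EVENTS = [
    {"host": "ws-17", "ts": T0, "kind": "dns", "query": "ip-lookup.example"},
    {"host": "ws-17", "ts": T0 + timedelta(seconds=40), "kind": "smtp",
     "dst": EXFIL_HOST, "dport": 25, "user": EXFIL_USER},
    {"host": "ws-17", "ts": T0 + timedelta(minutes=2), "kind": "task_create",
     "image": r"C:\Users\user\Downloads\Payment Notification.exe", "task": "Updater"},
    {"host": "ws-03", "ts": T0 + timedelta(hours=1), "kind": "dns", "query": "ip-lookup.example"},
    {"host": "ws-03", "ts": T0 + timedelta(hours=1, minutes=10), "kind": "smtp",
     "dst": "smtp.example", "dport": 587, "user": "user@corp.example"},
]

if __name__ == "__main__":
    for host, reasons in detect(CONSTRUCTED_EVENTS).items():
        print(host, *reasons, sep="\n  ")
```

The hash check is the weakest indicator: a recompiled or repacked build of the same stealer will not match any of the four digests, which is why the behavioural chain (IP lookup, then SMTP to the hard-coded mailbox) and the scheduled-task creation carry the detection.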

MITRE ATT&CK Matrix (ATT&CK v6)

  • Execution
    Scheduled Task, T1053 (1)
  • Persistence
    Scheduled Task, T1053 (1)
  • Privilege Escalation
    Scheduled Task, T1053 (1)
  • Discovery
    System Information Discovery, T1082 (1)

The number after each technique is the count of matched behaviours. Scheduled Task appears under three tactics because ATT&CK v6 maps T1053 to Execution, Persistence and Privilege Escalation; it is one behaviour, not three.
