General

  • Target

    03ba23a85802f57beed2d5c69453c6d2.exe

  • Size

    500KB

  • Sample

    210119-sgdy834ea2

  • MD5

    03ba23a85802f57beed2d5c69453c6d2

  • SHA1

    3d83f5623299630fd6f57a567ac048c7d1853dcb

  • SHA256

    39d7b97907b7836d51b332d85ecdbf4cd5fa55de562959a020a6752adeea4e1c

  • SHA512

    028c6edb097565b888589159fb7c8eb92604c333ac58cd075447eb369ae2cd071b85ee0ffdd427ec448fe1b3070adfe26ff5c28482b997a630f8f95b719e2974

Malware Config

Extracted

  • Family

    matiex

  • C2

    https://api.telegram.org/bot1271137457:AAFNGECSqnP1dXVAPgbr-EWVUDbzylXjmhg/sendMessage?chat_id=1216524090

Targets

    • Matiex

      Matiex is a keylogger and infostealer first seen in July 2020.

    • Matiex Main Payload

    • Drops startup file

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, which infostealers often target.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Credential Access

    Credentials in Files (T1081): 2

  • Collection

    Data from Local System (T1005): 2

Tasks