b1b2e4feae64fb2c5cffe6b5021dfc89.exe

General
Target

b1b2e4feae64fb2c5cffe6b5021dfc89.exe

Size

1MB

Sample

210122-jcczz8znf6

Score
10/10
MD5

b1b2e4feae64fb2c5cffe6b5021dfc89

SHA1

6136733b5990a3a68cd01221e0f3dad4a7ddeaa9

SHA256

4d9d6fc917cb1b46fd579b2d962af49850ce5e48b27a60a0c99e3426db649327

SHA512

b063746dd37440d2afe1897139066cb311d60951e13ab9c0b46c862c9fe99143d0d9dc58ce24d639cd6068a71a62a5a34fe60a8107214aae3f466bb1087f3523

Malware Config

Extracted

Protocol: smtp
Host: srvc13.turhost.com
Port: 587
Username: info@bilgitekdagitim.com
Password: italik2015

These values are the sample's exfiltration channel: collected data is sent by authenticated SMTP submission (port 587) through srvc13.turhost.com using the info@bilgitekdagitim.com mailbox. Treat the host, port and mailbox as network indicators to block or alert on; the password is the attacker's (or a compromised third party's) mailbox credential and must not be used to log in.
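The extracted config above is directly usable as a detection. The following is an added example, not part of the sandbox report: it turns the report's SMTP values into indicators and runs them, together with a behavioural check that survives a config change, over a handful of constructed Zeek-style smtp.log records. The record fields, the resolved server name (normally a join against dns.log) and the corporate relay list are assumptions.

```python
"""Turn the report's extracted SMTP config into network detections.

Added example, not part of the sandbox report. The config values are the ones
listed under "Malware Config"; the log records are CONSTRUCTED to resemble Zeek
smtp.log rows (id.orig_h / id.resp_p / mailfrom / rcptto) joined with a
resolved server name, and the corporate relay list is an assumption.
"""
from dataclasses import dataclass

# Extracted config (report values). The password is intentionally omitted:
# it is the attacker's mailbox credential and must not be used to log in.
EXFIL_CONFIG = {
    "protocol": "smtp",
    "host": "srvc13.turhost.com",
    "port": 587,
    "username": "info@bilgitekdagitim.com",
}

# Assumed: the only mail relays endpoints in this environment should talk to.
CORPORATE_RELAYS = {"mail.corp.example"}


@dataclass(frozen=True)
class SmtpRecord:
    ts: str
    orig_h: str      # client IP (Zeek id.orig_h)
    resp_name: str   # server name resolved from dns.log (assumed join)
    resp_p: int      # server port (Zeek id.resp_p)
    mailfrom: str
    rcptto: str


# Constructed sample log, not real traffic.
SAMPLE_LOG = [
    SmtpRecord("2021-01-22T09:14:02Z", "10.0.5.23", "srvc13.turhost.com", 587,
               "info@bilgitekdagitim.com", "info@bilgitekdagitim.com"),
    SmtpRecord("2021-01-22T09:15:10Z", "10.0.5.40", "mail.corp.example", 587,
               "alice@corp.example", "bob@corp.example"),
    SmtpRecord("2021-01-22T09:16:33Z", "10.0.5.77", "smtp.other.example", 587,
               "carol@corp.example", "drop@other.example"),
]


def indicators_from_config(cfg):
    """Atomic indicators a defender can block or alert on."""
    return {
        "hosts": {cfg["host"].lower()},
        "ports": {int(cfg["port"])},
        "mailboxes": {cfg["username"].lower()},
    }


def match_record(rec, ioc, corporate_relays):
    """Return the list of reasons a record is suspicious (empty if clean).

    Two atomic checks (server name, mailbox) plus one behavioural check that
    still fires after the attacker rotates the config: an endpoint submitting
    mail on the configured port to a relay the organisation does not own.
    """
    reasons = []
    server = rec.resp_name.lower()
    if server in ioc["hosts"]:
        reasons.append("destination is the Matiex exfil server")
    if rec.mailfrom.lower() in ioc["mailboxes"] or rec.rcptto.lower() in ioc["mailboxes"]:
        reasons.append("mailbox matches the extracted SMTP username")
    if rec.resp_p in ioc["ports"] and server not in corporate_relays:
        reasons.append("SMTP submission to a non-corporate relay")
    return reasons


def scan(log, cfg=EXFIL_CONFIG, corporate_relays=CORPORATE_RELAYS):
    """Run every record through match_record; keep only the hits."""
    ioc = indicators_from_config(cfg)
    hits = []
    for rec in log:
        reasons = match_record(rec, ioc, corporate_relays)
        if reasons:
            hits.append((rec, reasons))
    return hits


if __name__ == "__main__":
    for rec, reasons in scan(SAMPLE_LOG):
        print(f"{rec.ts} {rec.orig_h} -> {rec.resp_name}:{rec.resp_p}: " + "; ".join(reasons))
```

The third constructed record is caught only by the behavioural rule: it never touches the report's host or mailbox, which is the point of keeping that check alongside the atomic indicators.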
Targets
Target

b1b2e4feae64fb2c5cffe6b5021dfc89.exe
Signatures

  • Matiex

    Description: Matiex is a keylogger and infostealer first seen in July 2020.

  • Matiex Main Payload

  • Reads data files stored by FTP clients

    Description: Tries to access configuration files associated with programs like FileZilla.

    TTPs: Data from Local System (T1005); Credentials in Files (T1552.001)

  • Reads user/profile data of local email clients

    Description: Email clients store some user data on disk, where infostealers often target it.

    TTPs: Data from Local System (T1005); Credentials in Files (T1552.001)

  • Reads user/profile data of web browsers

    Description: Infostealers often target stored browser data, which can include saved credentials.

    TTPs: Data from Local System (T1005); Credentials in Files (T1552.001)

  • Looks up external IP address via web service

    Description: Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

    Description: SetThreadContext is commonly used to redirect a thread's execution during process injection and process hollowing. The report records only the API use, not the target process, so confirm with the behavioral task's process tree before treating it as injection.
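The three "Reads ..." signatures above describe the same host-side behaviour: one process that is not FileZilla, a mail client or a browser opening their credential stores. The following is an added example, not part of the sandbox report, that flags that pattern over constructed EDR-style file-read events. The event schema is an assumption; the store locations are the real on-disk files of FileZilla, Mozilla Thunderbird/Firefox and Chromium-based browsers, and the stealer's image name is simply the report's sample name.

```python
"""Flag processes that read the credential stores the report's signatures describe.

Added example, not part of the sandbox report. Events are CONSTRUCTED to look
like EDR file-read telemetry (process image + target path); the field names are
assumptions, not any vendor's schema. The store locations are the real on-disk
files of FileZilla, Mozilla Thunderbird/Firefox and Chromium-based browsers.
"""
import re
from dataclasses import dataclass

# (regex over the lowercased, backslash-normalised path,
#  process images that legitimately read that file,
#  human-readable label)
CREDENTIAL_STORES = [
    (r"\\filezilla\\(sitemanager|recentservers|filezilla)\.xml$",
     {"filezilla.exe"}, "FileZilla site/recent-server config"),
    (r"\\(thunderbird|mozilla\\firefox)\\profiles\\[^\\]+\\(logins\.json|key4\.db)$",
     {"thunderbird.exe", "firefox.exe"}, "Mozilla password store"),
    (r"\\google\\chrome\\user data\\[^\\]+\\(login data|web data|cookies)$",
     {"chrome.exe"}, "Chrome credential/cookie store"),
]


@dataclass(frozen=True)
class FileReadEvent:
    ts: str
    pid: int
    image: str   # full path of the reading process
    path: str    # file being read


def _basename(p):
    return p.replace("/", "\\").lower().rsplit("\\", 1)[-1]


def classify(event):
    """(label, owners) if the path is a known credential store, else None."""
    norm = event.path.replace("/", "\\").lower()
    for pattern, owners, label in CREDENTIAL_STORES:
        if re.search(pattern, norm):
            return label, owners
    return None


def is_suspicious(event):
    """Reason string when a non-owning process reads a credential store, else None."""
    hit = classify(event)
    if hit is None:
        return None
    label, owners = hit
    image = _basename(event.image)
    if image in owners:
        return None          # the application reading its own files is normal
    return f"{image} (pid {event.pid}) read {label}: {event.path}"


def hunt(events):
    """Group suspicious reads by process. One process touching several
    different stores in quick succession is the infostealer pattern."""
    by_proc = {}
    for ev in events:
        reason = is_suspicious(ev)
        if reason:
            by_proc.setdefault((ev.pid, ev.image), []).append(reason)
    return by_proc


# Constructed events; the stealer image name is the report's sample name.
_STEALER = r"C:\Users\u\AppData\Local\Temp\b1b2e4feae64fb2c5cffe6b5021dfc89.exe"
SAMPLE_EVENTS = [
    FileReadEvent("2021-01-22T09:13:40Z", 4120, _STEALER,
                  r"C:\Users\u\AppData\Roaming\FileZilla\sitemanager.xml"),
    FileReadEvent("2021-01-22T09:13:41Z", 4120, _STEALER,
                  r"C:\Users\u\AppData\Roaming\Thunderbird\Profiles\k3j2.default\logins.json"),
    FileReadEvent("2021-01-22T09:13:42Z", 4120, _STEALER,
                  r"C:\Users\u\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    FileReadEvent("2021-01-22T09:13:43Z", 4120, _STEALER,
                  r"C:\Users\u\Documents\notes.txt"),
    FileReadEvent("2021-01-22T09:20:00Z", 2210, r"C:\Program Files\FileZilla FTP Client\filezilla.exe",
                  r"C:\Users\u\AppData\Roaming\FileZilla\sitemanager.xml"),
    FileReadEvent("2021-01-22T09:21:00Z", 3300, r"C:\Program Files\Google\Chrome\Application\chrome.exe",
                  r"C:\Users\u\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
]


if __name__ == "__main__":
    for (pid, image), reasons in hunt(SAMPLE_EVENTS).items():
        print(f"pid {pid} {image}: {len(reasons)} credential store(s)")
        for r in reasons:
            print("  " + r)
```

The owner allowlist is what keeps this quiet on a normal workstation: FileZilla and Chrome reading their own files produce nothing, while an unrelated executable hitting three different stores within seconds is reported once, grouped by process. Matching on the image basename alone is deliberately simple; in production, key the allowlist on signer or full path so a stealer named chrome.exe does not slip through.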

Related Tasks

MITRE ATT&CK Matrix (tactic columns as listed): Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks

static1

behavioral1: 10/10

behavioral2: 10/10