General
Target: er.exe
Size: 24KB
Sample: 210125-bvke334hdn
MD5: 612be75dd32e0576d23e8188afd4a489
SHA1: 4fb53cf9f43b8d6ab16577c98aa7bbba5986b296
SHA256: b37892c9f8b0b73345bd8f5b47faa274495f1f7b986013f62a4a005ed40b4db4
SHA512: c7b2e326c90f0696babfa621202924553671f75cb2cd86970c00e156b9e5d3290b9494e9ece7825f9f5b0f876ae509a1e50c43ab7b88ebeaebd5c5512643e2f8
Static task: static1
Behavioral task: behavioral1
Sample: er.exe
Resource: win7v20201028
Malware Config
Extracted: matiex
Protocol: smtp
Host: ckfashion.shop
Port: 26
Username: [email protected]
Password: 123Mat+++
Targets
Target: er.exe
Signatures:
- Matiex Main Payload: Matiex is a commercial keylogger/stealer; the SMTP settings extracted above are its exfiltration channel, and port 26 is not a standard SMTP port.
- Blocklisted process makes network request
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext: commonly seen when a process injects code into another process (process hollowing) and repoints a thread's execution to the injected payload.
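The extracted SMTP configuration and the "Looks up external IP address" signature are the two network indicators this report gives a defender. The script below is an added example for this page, not part of the Triage output: it turns those indicators into a detection pass over connection logs and correlates them per process. Only the C2 host and port come from the report; the log lines are constructed for the demo, and the set of IP lookup hostnames is an assumption (the sandbox does not say which service the sample queried). The extracted mailbox credentials are the actor's and are used here only as blocking indicators, never to log in.

```python
"""Detection pass built from this report's extracted Matiex config and its
network signatures. Added example for this page, not part of the Triage
report; the log lines are constructed, only the C2 host/port are real."""
from dataclasses import dataclass
import re

# Taken from the report's "Malware Config" section (Matiex SMTP exfiltration).
MATIEX_C2_HOST = "ckfashion.shop"
MATIEX_C2_PORT = 26

# Assumption: the report does not name the lookup service the sample used,
# so this is a representative set of well-known external-IP services.
IP_LOOKUP_HOSTS = {
    "api.ipify.org", "ipinfo.io", "icanhazip.com",
    "checkip.dyndns.org", "ip-api.com", "checkip.amazonaws.com",
}


@dataclass(frozen=True)
class Alert:
    rule: str
    process: str
    destination: str
    timestamp: str


# Constructed connection log: "<timestamp> <process> <dst_host> <dst_port>".
SAMPLE_LOG = """\
2021-01-25T10:00:01Z er.exe api.ipify.org 443
2021-01-25T10:00:03Z er.exe ckfashion.shop 26
2021-01-25T10:00:09Z chrome.exe www.example.com 443
2021-01-25T10:01:12Z outlook.exe mail.example.com 587
2021-01-25T10:02:40Z svchost.exe ckfashion.shop 26
garbage line that should be skipped
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\d+)$")


def parse_line(line):
    """Return (timestamp, process, host, port) or None for a malformed line."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    ts, proc, host, port = m.groups()
    return ts, proc, host.lower(), int(port)


def rules_for(ts, proc, host, port):
    """Yield one Alert per report signature the record matches."""
    if host == MATIEX_C2_HOST and port == MATIEX_C2_PORT:
        # The extracted config: SMTP exfil to the actor's mailbox on port 26.
        yield Alert("matiex_smtp_exfil", proc, f"{host}:{port}", ts)
    if host in IP_LOOKUP_HOSTS:
        # Signature "Looks up external IP address via web service".
        yield Alert("external_ip_lookup", proc, f"{host}:{port}", ts)


def scan(log_text):
    """Run every rule over every well-formed log line, in log order."""
    alerts = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        alerts.extend(rules_for(*rec))
    return alerts


def correlate(alerts):
    """Processes that both queried their external IP and reached the C2:
    the combination the sandbox observed for er.exe, stronger than either
    indicator alone (an IP lookup by itself is common in benign software)."""
    by_proc = {}
    for a in alerts:
        by_proc.setdefault(a.process, set()).add(a.rule)
    wanted = {"matiex_smtp_exfil", "external_ip_lookup"}
    return sorted(p for p, rules in by_proc.items() if wanted <= rules)


if __name__ == "__main__":
    found = scan(SAMPLE_LOG)
    for a in found:
        print(f"{a.timestamp} {a.rule:20} {a.process:12} -> {a.destination}")
    print("high-confidence:", correlate(found))
```

On the constructed log this raises three alerts (one IP lookup and two C2 contacts) and correlates only er.exe, since svchost.exe hit the C2 without the preceding lookup. In production the host/port match should be extended to DNS and proxy logs, because the sandbox only shows the resolved SMTP endpoint, not how the sample found it.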