General

  • Target

    INVOICE RECEIPT NO253334.exe

  • Size

    455KB

  • Sample

    210726-cn1y27ales

  • MD5

    c6b4a2eb53f687988c0427cf752d429f

  • SHA1

    d6b3299043950047524087631f72375b68bfc36d

  • SHA256

    786a583ea35093cc588069ed3b8d4dd6dbe8e9edfe68569d3752c6da82db0de1

  • SHA512

    ded0daa7672ade2aabf1695c67441c0c488b8f44170ebd438105936eeac2a4d9fb7da1aef48565bb42caf6807eb4f0157a0de43ddf4731e5d3c428e8cf034dee

Malware Config

Extracted

Family

matiex

C2

https://api.telegram.org/bot1718729558:AAFUftnJNVxfQZ7XrIUEpE1UiXHAYPc6VAQ/sendMessage?chat_id=1841930277

Targets

    • Target

      INVOICE RECEIPT NO253334.exe

    • Size

      455KB

    • MD5

      c6b4a2eb53f687988c0427cf752d429f

    • SHA1

      d6b3299043950047524087631f72375b68bfc36d

    • SHA256

      786a583ea35093cc588069ed3b8d4dd6dbe8e9edfe68569d3752c6da82db0de1

    • SHA512

      ded0daa7672ade2aabf1695c67441c0c488b8f44170ebd438105936eeac2a4d9fb7da1aef48565bb42caf6807eb4f0157a0de43ddf4731e5d3c428e8cf034dee

    • Matiex

      Matiex is a keylogger and infostealer first seen in July 2020.

    • Matiex Main Payload

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

      Rewriting another thread's context is a common step in process hollowing and similar code injection, where a suspended process is pointed at an unpacked payload.
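The two network signatures above describe a sequence a web-proxy log will show: a request to a public IP-lookup service, followed shortly by a POST to the Telegram Bot API URL extracted as the C2. The bot token sits in the URL path, so the credential itself is an indicator. The following is an added example, not part of the sandbox report: a Python detector run over constructed proxy log lines. The Telegram URL in the sample log is the C2 extracted above; the IP-lookup host list, the other log lines, the second (assumed legitimate) bot and the 300-second window are assumptions.

```python
"""Detect Matiex-style exfiltration (IP lookup, then Telegram Bot API) in proxy logs."""
import re
from collections import defaultdict
from datetime import datetime
from urllib.parse import urlparse, parse_qs

# Telegram Bot API path as seen in the extracted config: /bot<id>:<token>/<method>
TELEGRAM_BOT_RE = re.compile(
    r"^/bot(?P<bot_id>\d+):(?P<token>[A-Za-z0-9_-]{30,})/(?P<method>[A-Za-z]+)"
)

# Assumed list of public IP-lookup services (the report names none); extend as needed.
IP_LOOKUP_HOSTS = {
    "api.ipify.org", "checkip.amazonaws.com", "icanhazip.com", "ipinfo.io", "ifconfig.me",
}

# Constructed proxy log (not from the report): "<ISO time> <client> <method> <url> <status>".
# Line 2 carries the C2 URL from the extracted config; the bot on the last line is assumed legitimate.
SAMPLE_LOG = """\
2021-07-26T09:12:01Z 10.0.0.7 GET http://api.ipify.org/ 200
2021-07-26T09:12:03Z 10.0.0.7 POST https://api.telegram.org/bot1718729558:AAFUftnJNVxfQZ7XrIUEpE1UiXHAYPc6VAQ/sendMessage?chat_id=1841930277 200
2021-07-26T09:15:44Z 10.0.0.9 GET https://www.example.com/index.html 200
2021-07-26T10:02:10Z 10.0.0.12 GET https://api.telegram.org/bot123456789:AAEexampleTokenForALegitInternalBot00/getUpdates 200
"""


def parse_log(text):
    """Split space-separated proxy lines into dicts with a parsed timestamp."""
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, method, url, status = line.split()
        entries.append({
            "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "client": client, "method": method, "url": url, "status": int(status),
        })
    return entries


def classify(entry):
    """Tag an entry as an IP lookup, a Telegram Bot API call (with bot id, token,
    method and chat_id pulled out of the URL), or nothing of interest."""
    u = urlparse(entry["url"])
    host = u.hostname or ""
    if host in IP_LOOKUP_HOSTS:
        return {"kind": "ip_lookup", "host": host}
    if host == "api.telegram.org":
        m = TELEGRAM_BOT_RE.match(u.path)
        if m:
            qs = parse_qs(u.query)
            return {"kind": "telegram_bot", "bot_id": m["bot_id"], "token": m["token"],
                    "method": m["method"], "chat_id": qs.get("chat_id", [None])[0]}
    return None


def correlate(entries, window_seconds=300):
    """Alert on clients that hit an IP-lookup service and then the Telegram Bot API
    within window_seconds, i.e. the sequence the report's two signatures describe."""
    by_client = defaultdict(list)
    for e in sorted(entries, key=lambda e: e["ts"]):
        tag = classify(e)
        if tag:
            by_client[e["client"]].append((e["ts"], tag))
    alerts = []
    for client, events in by_client.items():
        last_lookup = None
        for ts, tag in events:
            if tag["kind"] == "ip_lookup":
                last_lookup = ts
            elif (tag["kind"] == "telegram_bot" and last_lookup is not None
                  and (ts - last_lookup).total_seconds() <= window_seconds):
                alerts.append({"client": client, "bot_id": tag["bot_id"], "token": tag["token"],
                               "chat_id": tag["chat_id"], "first_seen": ts.isoformat()})
    return alerts


def telegram_bot_iocs(entries):
    """Every bot (id, token) seen, correlated or not: the token alone identifies the
    channel, so it is worth extracting even where no IP lookup preceded it."""
    return sorted({(t["bot_id"], t["token"])
                   for t in map(classify, entries) if t and t["kind"] == "telegram_bot"})


if __name__ == "__main__":
    log = parse_log(SAMPLE_LOG)
    for a in correlate(log):
        print("ALERT", a)
    print("bot tokens seen:", telegram_bot_iocs(log))
```

Only 10.0.0.7 raises an alert; the assumed internal bot on 10.0.0.12 shows up in the token inventory but not as a correlated beacon, which is the distinction a triage analyst wants before blocking api.telegram.org outright.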
