General
-
Target
Payment Confirmation TT reference po.rar
-
Size
478KB
-
Sample
210927-nal6qsgff6
-
MD5
95ee878a4f3a47f96bd0131b7b70bec0
-
SHA1
4c4b4696d7bbfcf3375b6b4d705ceb8691bd712e
-
SHA256
aa0503fb55d426770f3ab5f06f6f708ca768b72cfede1d477c7b5ddf97cb4589
-
SHA512
618830372f1e98f5712b368aa03b9d3cb0a22adc2c2befcaddf1635fa73d347bd16257963e94c176838cad5a75c81186e1e9b72571da3edf4d493b665a246290
Malware Config
Extracted
Protocol: smtp- Host:
mail.thts.vn - Port:
25 - Username:
[email protected] - Password:
123luongngan1989
Extracted
matiex
Protocol: smtp- Host:
mail.thts.vn - Port:
25 - Username:
[email protected] - Password:
123luongngan1989
Targets
-
-
Target
Payment Confirmation TT reference po.exe
-
Size
807KB
-
MD5
188d87dcba1c1d16b8779e05981c74c3
-
SHA1
7503fee46ec790d3f76df6c14a0968504adfc886
-
SHA256
402c8c6acc052173c55e48fe8228ae54db5b90be8ca3ab3d2050530b58c80b56
-
SHA512
94066967f5bd3b9b331ffbb65bf3431421b7cebf95b940a70edbafef7def654c647b9fe04e4741d6a919b58b9ed4555e81c846e113b66461b38f0b299e17abdc
Score10/10-
Matiex
Matiex is a keylogger and infostealer first seen in July 2020.
-
Matiex Main Payload
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-