General
-
Target
876545678909876543.exe
-
Size
344KB
-
Sample
210929-ma7l1aeee9
-
MD5
4242ff7610974691b438ff0a051541b7
-
SHA1
ea9d76d9f9978dba36a9d2d4ab3e0f3db8f0f9d4
-
SHA256
9bda87480b1435f3e0b3df9bb2a1290a1ef712b0e8d0e5ab88f40d852ad5d826
-
SHA512
706060df05fc2af7ffc8d7da4c0077b1b36c0cc4c212e09e61aff1231a50f3d2272bb49b2551b2e748083124c205a8548e26cb035521763afb3f7ef63e44b4f3
Malware Config
Extracted
matiex
https://api.telegram.org/bot1395392888:AAFrJovDdZICOFB0gX0eGWrAUzEKCRpv8xo/sendMessage?chat_id=1300181783
Targets
-
-
Target
876545678909876543.exe
-
Size
344KB
-
MD5
4242ff7610974691b438ff0a051541b7
-
SHA1
ea9d76d9f9978dba36a9d2d4ab3e0f3db8f0f9d4
-
SHA256
9bda87480b1435f3e0b3df9bb2a1290a1ef712b0e8d0e5ab88f40d852ad5d826
-
SHA512
706060df05fc2af7ffc8d7da4c0077b1b36c0cc4c212e09e61aff1231a50f3d2272bb49b2551b2e748083124c205a8548e26cb035521763afb3f7ef63e44b4f3
Score10/10-
Matiex
Matiex is a keylogger and infostealer first seen in July 2020.
-
Matiex Main Payload
-
Loads dropped DLL
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-