General
-
Target
ac52db0c62fac74e6708635ac3db5f46.exe
-
Size
343KB
-
Sample
211011-l7yvpaggfp
-
MD5
ac52db0c62fac74e6708635ac3db5f46
-
SHA1
0f35104cb6938b60cabbaf6257975792d5399024
-
SHA256
cd4d29b138b75a9d1a10fa7d724168ae155ef7779d97c042e8014b9ae6f93087
-
SHA512
95953124e75a38ed27ad6e60cbe0f9e952d5d367237784a3c0b47ed7d5fa30846f61a575458e3880b8f0539924cfd029983aa46a137db5ff5152e82140df7925
Malware Config
Extracted
matiex
https://api.telegram.org/bot1395392888:AAFrJovDdZICOFB0gX0eGWrAUzEKCRpv8xo/sendMessage?chat_id=1300181783
Targets
-
-
Target
ac52db0c62fac74e6708635ac3db5f46.exe
-
Size
343KB
-
MD5
ac52db0c62fac74e6708635ac3db5f46
-
SHA1
0f35104cb6938b60cabbaf6257975792d5399024
-
SHA256
cd4d29b138b75a9d1a10fa7d724168ae155ef7779d97c042e8014b9ae6f93087
-
SHA512
95953124e75a38ed27ad6e60cbe0f9e952d5d367237784a3c0b47ed7d5fa30846f61a575458e3880b8f0539924cfd029983aa46a137db5ff5152e82140df7925
Score10/10-
Matiex
Matiex is a keylogger and infostealer first seen in July 2020.
-
Matiex Main Payload
-
suricata: ET MALWARE Matiex Keylogger Exfil Via Telegram
suricata: ET MALWARE Matiex Keylogger Exfil Via Telegram
-
Loads dropped DLL
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-