General
-
Target
SsSuaeML7312gbk.exe
-
Size
683KB
-
Sample
211111-t1y6wabfc8
-
MD5
b228b9a2a36d06fd91d942e464ef16bd
-
SHA1
8a974471c6336b046f08d17d8ba4c31d7d151b9c
-
SHA256
108f33743a4ef5a5008a666449da79ba8505820db73e7e5098cb90c2cdd0ee66
-
SHA512
cb14152f1284087fd4206a27eea79cc4d2f568f3fbc1e1962cf64d1e5b97a4c8d4cce1925fe910dea421f401e8d5c07cf0c632405ff2e26f72873662f9a3ad09
Malware Config
Extracted
matiex
https://api.telegram.org/bot1962824736:AAECUA300NkJ2NuTf0cKgva_k26j1y0NNHk/sendMessage?chat_id=457082756
Targets
-
-
Target
SsSuaeML7312gbk.exe
-
Size
683KB
-
MD5
b228b9a2a36d06fd91d942e464ef16bd
-
SHA1
8a974471c6336b046f08d17d8ba4c31d7d151b9c
-
SHA256
108f33743a4ef5a5008a666449da79ba8505820db73e7e5098cb90c2cdd0ee66
-
SHA512
cb14152f1284087fd4206a27eea79cc4d2f568f3fbc1e1962cf64d1e5b97a4c8d4cce1925fe910dea421f401e8d5c07cf0c632405ff2e26f72873662f9a3ad09
Score10/10-
Matiex
Matiex is a keylogger and infostealer first seen in July 2020.
-
Matiex Main Payload
-
Drops startup file
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-