General
-
Target
19BKni4oVPSkMpM.exe
-
Size
823KB
-
Sample
220208-vpr4vsbegm
-
MD5
3163bfab1904c335621f58adde66b273
-
SHA1
32d44d6fe5b1eaf43664b07555691d3259222f45
-
SHA256
e5307ece7f7dd013da8df55abe6bc4b1b466cdb4b628a5c684635753f91f0477
-
SHA512
53d6a314017ab70bfd0574405f7d9674d95b3f7926af8016856f449e91e4788d158bee6832dd033ec1878c2c6774e2e9b4467077ce0e53ce06b767059b1f97f2
Malware Config
Extracted
matiex
https://api.telegram.org/bot1769394961:AAF5BB35akL859CwVaXypIqpVsGWlaKvi7A/sendMessage?chat_id=1735544933
Targets
-
-
Target
19BKni4oVPSkMpM.exe
-
Size
823KB
-
MD5
3163bfab1904c335621f58adde66b273
-
SHA1
32d44d6fe5b1eaf43664b07555691d3259222f45
-
SHA256
e5307ece7f7dd013da8df55abe6bc4b1b466cdb4b628a5c684635753f91f0477
-
SHA512
53d6a314017ab70bfd0574405f7d9674d95b3f7926af8016856f449e91e4788d158bee6832dd033ec1878c2c6774e2e9b4467077ce0e53ce06b767059b1f97f2
Score10/10-
Matiex
Matiex is a keylogger and infostealer first seen in July 2020.
-
Matiex Main Payload
-
suricata: ET MALWARE Matiex Keylogger Exfil Via Telegram
suricata: ET MALWARE Matiex Keylogger Exfil Via Telegram
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-