General
-
Target
Enijidjm.exe
-
Size
111KB
-
Sample
220211-j9kpqscdb3
-
MD5
dda708bbd533046daf479fd123f75cda
-
SHA1
b8dc0fa033f434eafe46df7c0320676c866814cb
-
SHA256
f442097ffe0336d6712267088a4368aa539f51f7ea7d1e950da88c6a42f1b29e
-
SHA512
b6c983e27964446d6c8c3dcb6f03d0cbb957fd2c2cbe2888444372a4a3b69b22d3e9b3e401972aa5b365bc6b810dbffef9aa0aaeb50bf8e31f720f173b961e58
Malware Config
Extracted
Protocol: smtp- Host:
serv3.devmexico.com - Port:
587 - Username:
[email protected] - Password:
3}l^pI#_4K_!
Extracted
matiex
Protocol: smtp- Host:
serv3.devmexico.com - Port:
587 - Username:
[email protected] - Password:
3}l^pI#_4K_! - Email To:
[email protected]
Targets
-
-
Target
Enijidjm.exe
-
Size
111KB
-
MD5
dda708bbd533046daf479fd123f75cda
-
SHA1
b8dc0fa033f434eafe46df7c0320676c866814cb
-
SHA256
f442097ffe0336d6712267088a4368aa539f51f7ea7d1e950da88c6a42f1b29e
-
SHA512
b6c983e27964446d6c8c3dcb6f03d0cbb957fd2c2cbe2888444372a4a3b69b22d3e9b3e401972aa5b365bc6b810dbffef9aa0aaeb50bf8e31f720f173b961e58
Score10/10-
Matiex
Matiex is a keylogger and infostealer first seen in July 2020.
-
Matiex Main Payload
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-