General
-
Target
f63f61ec94af821134ae2a1dd3fdf374f86a61316db15d044e0e343c41d99a17
-
Size
858KB
-
Sample
220309-r73rjahed9
-
MD5
10fb987bae3f8513ebd149657ba542ba
-
SHA1
c506b003b7c8a90501be33e4d7477cd0aa50f84d
-
SHA256
f63f61ec94af821134ae2a1dd3fdf374f86a61316db15d044e0e343c41d99a17
-
SHA512
68afde759f6f4a5ccaa44260e96a0c56b53157e58ef9a933dbcded53d0125bc198422c86f16871fc130b836e1172ddd5fbb791a3d7d46ea1d37915cdb3c595b3
Malware Config
Extracted
matiex
https://api.telegram.org/bot1379319539:AAFQ7f96r1-8ijh6-Hym9Weh67R1ZdDQt0g/sendMessage?chat_id=1472166686
Targets
-
-
Target
f63f61ec94af821134ae2a1dd3fdf374f86a61316db15d044e0e343c41d99a17
-
Size
858KB
-
MD5
10fb987bae3f8513ebd149657ba542ba
-
SHA1
c506b003b7c8a90501be33e4d7477cd0aa50f84d
-
SHA256
f63f61ec94af821134ae2a1dd3fdf374f86a61316db15d044e0e343c41d99a17
-
SHA512
68afde759f6f4a5ccaa44260e96a0c56b53157e58ef9a933dbcded53d0125bc198422c86f16871fc130b836e1172ddd5fbb791a3d7d46ea1d37915cdb3c595b3
Score10/10-
Matiex
Matiex is a keylogger and infostealer first seen in July 2020.
-
Matiex Main Payload
-
Looks for VirtualBox Guest Additions in registry
-
Looks for VMWare Tools registry key
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Drops startup file
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-