General
-
Target
af5294cacf991f14f15ce90f8be38188b54e46d4fd1d8f509f946d8cde3ef3ae
-
Size
468KB
-
Sample
220324-yssrcadgc2
-
MD5
6d054ce190fd0da92b895d7cb5397b03
-
SHA1
3bd56aa669000a6c19223bda713dc313f8279771
-
SHA256
af5294cacf991f14f15ce90f8be38188b54e46d4fd1d8f509f946d8cde3ef3ae
-
SHA512
58697957dde090133d027b13a18d462c786ac41c11c32faef0b2751e30b37530e0ec9368c3beac6f4077e1d42f89a1a76eb95cacf3c93a2b0d5e8411fcec2e29
Malware Config
Extracted
matiex
https://api.telegram.org/bot1428011164:AAFKIFGek20EZJPbNxOt7K2R-Cf-IiVGehs/sendMessage?chat_id=1280541017
Targets
-
-
Target
af5294cacf991f14f15ce90f8be38188b54e46d4fd1d8f509f946d8cde3ef3ae
-
Size
468KB
-
MD5
6d054ce190fd0da92b895d7cb5397b03
-
SHA1
3bd56aa669000a6c19223bda713dc313f8279771
-
SHA256
af5294cacf991f14f15ce90f8be38188b54e46d4fd1d8f509f946d8cde3ef3ae
-
SHA512
58697957dde090133d027b13a18d462c786ac41c11c32faef0b2751e30b37530e0ec9368c3beac6f4077e1d42f89a1a76eb95cacf3c93a2b0d5e8411fcec2e29
Score10/10-
Matiex
Matiex is a keylogger and infostealer first seen in July 2020.
-
Matiex Main Payload
-
Looks for VirtualBox Guest Additions in registry
-
Looks for VMWare Tools registry key
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Drops startup file
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-