General
-
Target
680ead0c089f69dff1932fa58d8b72959565a8959a886520720e79be7d5c08d2
-
Size
11.3MB
-
Sample
220326-jag5kaaaa8
-
MD5
3f3c964143f2609ba953c8648f0ff5b2
-
SHA1
4eebac115f1a5ecb1061c6eb89e707b512ea4549
-
SHA256
680ead0c089f69dff1932fa58d8b72959565a8959a886520720e79be7d5c08d2
-
SHA512
dd8e51f76da847dee7d10af0fd47fe4a4f237a915cdd5c67976ce016ae9c9e7f0419cb1d91d17e7b6765050536de7b886643e380c0dc865fc79c2b79a6b7e754
Malware Config
Extracted
matiex
Protocol: smtp- Host:
smtp.privateemail.com - Port:
587 - Username:
[email protected] - Password:
MARYolanmauluogwo@ever
Targets
-
-
Target
680ead0c089f69dff1932fa58d8b72959565a8959a886520720e79be7d5c08d2
-
Size
11.3MB
-
MD5
3f3c964143f2609ba953c8648f0ff5b2
-
SHA1
4eebac115f1a5ecb1061c6eb89e707b512ea4549
-
SHA256
680ead0c089f69dff1932fa58d8b72959565a8959a886520720e79be7d5c08d2
-
SHA512
dd8e51f76da847dee7d10af0fd47fe4a4f237a915cdd5c67976ce016ae9c9e7f0419cb1d91d17e7b6765050536de7b886643e380c0dc865fc79c2b79a6b7e754
Score10/10-
Matiex
Matiex is a keylogger and infostealer first seen in July 2020.
-
Matiex Main Payload
-
Modifies WinLogon for persistence
-
Drops startup file
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-