General
-
Target
3d2597838d30d770b8ab97433aaa8c384424c1db8820cb7b5d3c698c788b4f72
-
Size
443KB
-
Sample
220502-swl53safam
-
MD5
38353b352ceafbce47acbdcc1179c66b
-
SHA1
fc9767c4e2da7677b293c8bed24a8eeabe792e31
-
SHA256
3d2597838d30d770b8ab97433aaa8c384424c1db8820cb7b5d3c698c788b4f72
-
SHA512
1606410905cb16d0bd54bb343c40ccee1b783e2bd78f9a61d8a1fb2bd1f27589aa7371c2762ed8e6b5b0328db7335e28846a7ca8fed3c60a13ec93b214e1d942
Malware Config
Extracted
matiex
Protocol: smtp- Host:
smtp.yandex.com - Port:
587 - Username:
[email protected] - Password:
Goodluck123x
Targets
-
-
Target
3d2597838d30d770b8ab97433aaa8c384424c1db8820cb7b5d3c698c788b4f72
-
Size
443KB
-
MD5
38353b352ceafbce47acbdcc1179c66b
-
SHA1
fc9767c4e2da7677b293c8bed24a8eeabe792e31
-
SHA256
3d2597838d30d770b8ab97433aaa8c384424c1db8820cb7b5d3c698c788b4f72
-
SHA512
1606410905cb16d0bd54bb343c40ccee1b783e2bd78f9a61d8a1fb2bd1f27589aa7371c2762ed8e6b5b0328db7335e28846a7ca8fed3c60a13ec93b214e1d942
Score10/10-
Matiex
Matiex is a keylogger and infostealer first seen in July 2020.
-
Matiex Main Payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory
-