General

  • Target

    b2be978e389bf6813270971a335eddb21f4eb81988ad9cb9f1ddb74286885fdd

  • Size

    460KB

  • Sample

    220503-a2falsgcan

  • MD5

    610e0e7008da4ffecf532388d6349cd9

  • SHA1

    0ff1314c502cc256f53a607031b3f1816343de71

  • SHA256

    b2be978e389bf6813270971a335eddb21f4eb81988ad9cb9f1ddb74286885fdd

  • SHA512

    ea4a14fbd4b1a860b9dc575f35db7ab1f1a7726aa2b47000a5cbcbee7dcd9db5b620baf54376eb4abe6a37176f965929f86b8f4c22bc5460298136fbac12d99f

Malware Config

Extracted

Family

matiex

Credentials

  • Protocol:
    smtp
  • Host:
    srvc13.turhost.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    italik2015

Targets

    • Target

      payment invoice090909000.exe

    • Size

      478KB

    • MD5

      5ce9199ca2f9bbfb99cf5dd672e884af

    • SHA1

      484ce13dc8aed2309c2bbeb25b0136bbe5228114

    • SHA256

      9a14ef7dd61e214e5d8f0ed0e4e98efdf3b6a97794e12e6c74811f85bf0fe021

    • SHA512

      509af31de428567ab35be085259e78b88ddf0627c26baaf7d1c54099b531798815a436638523aae5ace4ea4017634057ff197abc579cc38ceb2841b14250ebfa

    • Matiex

      Matiex is a keylogger and infostealer first seen in July 2020.

    • Matiex Main Payload

    • Accesses Microsoft Outlook profiles

      Reads the Outlook profile settings kept in the user's registry hive, which list the configured mail accounts and can include saved credentials.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

      SetThreadContext rewrites the register state of a (suspended) thread. Outside debuggers it is mostly seen in process injection such as process hollowing, where the entry point of a suspended host process is redirected to an injected payload.
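The extracted SMTP config above gives a concrete exfiltration endpoint, and the "Looks up external IP address" signature gives the step the sample takes right before using it. The following added example (not code from the sandbox or the malware) turns the config and the report's SHA256 hashes into indicators and tags a process whose connection log shows an IP-lookup request followed by a connection to the configured SMTP host and port. The log format, the list of IP-lookup hostnames (the report does not name the service this sample uses) and every log line are constructed assumptions.

```python
"""Added example: indicators from the extracted Matiex config plus a simple
exfil-chain check over connection logs. Not code from the sandbox or the
malware; the log layout and all sample lines below are constructed."""
import re
from collections import defaultdict
from dataclasses import dataclass

# Values copied from the report ("Malware Config" and the SHA256 fields).
MATIEX_CONFIG = {"protocol": "smtp", "host": "srvc13.turhost.com", "port": 587}
REPORT_SHA256 = {
    "9a14ef7dd61e214e5d8f0ed0e4e98efdf3b6a97794e12e6c74811f85bf0fe021",  # payment invoice090909000.exe
    "b2be978e389bf6813270971a335eddb21f4eb81988ad9cb9f1ddb74286885fdd",  # analysed target
}

# Public IP-lookup services. The report only says "a legitimate IP lookup
# service", so this list is an assumption used to tag the lookup step.
IP_LOOKUP_HOSTS = {"api.ipify.org", "checkip.dyndns.org", "ipinfo.io", "icanhazip.com"}

# Constructed connection log in an assumed "ts pid image dst_ip:port proto host"
# layout; the image name may contain spaces, which the regex below tolerates.
SAMPLE_LOG = """\
2022-05-03T10:00:01 1234 payment invoice090909000.exe 23.21.52.141:80 tcp api.ipify.org
2022-05-03T10:00:02 1234 payment invoice090909000.exe 198.51.100.7:443 tcp www.microsoft.com
2022-05-03T10:00:09 1234 payment invoice090909000.exe 203.0.113.44:587 tcp srvc13.turhost.com
2022-05-03T10:05:00 4321 outlook.exe 203.0.113.9:993 tcp outlook.office365.com
2022-05-03T10:06:00 5555 updater.exe 203.0.113.44:587 tcp srvc13.turhost.com
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<pid>\d+) (?P<image>.+?) "
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+) (?P<proto>\w+) (?P<host>\S+)$"
)


@dataclass
class Conn:
    ts: str
    pid: int
    image: str
    dst_ip: str
    dst_port: int
    proto: str
    dst_host: str


def parse_log(text):
    """Parse the assumed log layout; malformed lines are skipped, not fatal."""
    conns = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        conns.append(Conn(m["ts"], int(m["pid"]), m["image"], m["ip"],
                          int(m["port"]), m["proto"], m["host"]))
    return conns


def iocs(config=MATIEX_CONFIG, hashes=REPORT_SHA256):
    """Flat indicator list for a blocklist: exfil endpoint plus file hashes."""
    return sorted({f"{config['host']}:{config['port']}", *hashes})


def classify(conns, config=MATIEX_CONFIG):
    """Return {pid: {"image": ..., "tags": [...], "verdict": ...}} for tagged pids.

    Tags are appended in time order: 'external-ip-lookup' for a hit on a public
    IP-lookup host, 'c2-smtp' for a connection to the extracted SMTP host:port.
    'matiex-exfil-chain' requires the lookup before the SMTP connection; a bare
    'c2-smtp' is still reported because the endpoint comes from the config.
    """
    per_pid = defaultdict(lambda: {"image": None, "tags": [], "verdict": None})
    for c in sorted(conns, key=lambda c: c.ts):
        rec = per_pid[c.pid]
        rec["image"] = c.image
        if c.dst_host in IP_LOOKUP_HOSTS and "external-ip-lookup" not in rec["tags"]:
            rec["tags"].append("external-ip-lookup")
        if (c.dst_host == config["host"] and c.dst_port == config["port"]
                and "c2-smtp" not in rec["tags"]):
            rec["tags"].append("c2-smtp")
    for rec in per_pid.values():
        if rec["tags"][:2] == ["external-ip-lookup", "c2-smtp"]:
            rec["verdict"] = "matiex-exfil-chain"
        elif "c2-smtp" in rec["tags"]:
            rec["verdict"] = "c2-smtp-contact"
    return {pid: rec for pid, rec in per_pid.items() if rec["tags"]}


if __name__ == "__main__":
    for pid, rec in classify(parse_log(SAMPLE_LOG)).items():
        print(pid, rec["image"], rec["tags"], rec["verdict"])
```

Matching on the SMTP host and port 587 rather than on the IP alone matters here: the exfil endpoint is a shared hosting mailserver, so the IP may serve legitimate mail too, while the host:port pair combined with the preceding IP-lookup request is specific to this sample's behaviour.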

MITRE ATT&CK Enterprise v6

Tasks