General
- Target: 74e84e3c4b722fc24d404ff538e64b7d3f686fd162080f2bddd7af51d71b5bad
- Size: 598KB
- Sample: 220503-zemhvaegbk
- MD5: 4f4f40bd30268357f26125e00fa13983
- SHA1: 230c64413c230a86db04197100daee8cd492e85c
- SHA256: 74e84e3c4b722fc24d404ff538e64b7d3f686fd162080f2bddd7af51d71b5bad
- SHA512: ecd1105038b353b3a47de0e5c856939ea2284825aa9c0179c666b850addfc09c4297d3d130b7d618b2d2506558b617f0f4f7a02c6768491819dbe68cee0a641f
Static task: static1

Behavioral task: behavioral1
- Sample: 74e84e3c4b722fc24d404ff538e64b7d3f686fd162080f2bddd7af51d71b5bad.exe
- Resource: win7-20220414-en

Behavioral task: behavioral2
- Sample: 74e84e3c4b722fc24d404ff538e64b7d3f686fd162080f2bddd7af51d71b5bad.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted: matiex
- Protocol: smtp
- Host: mail.vizvec.com
- Port: 26
- Username: [email protected]
- Password: Domain123@
Targets
- Target: 74e84e3c4b722fc24d404ff538e64b7d3f686fd162080f2bddd7af51d71b5bad
Score: 10/10
- Matiex Main Payload
- Modifies WinLogon for persistence
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext