General

  • Target

    687f82ebf8ec4f6228e56174d85062d2e3c3c12250aa7479b67810d5240148bf

  • Size

    668KB

  • Sample

    220508-ct3r2schc3

  • MD5

    f52ca29e6654da78370289212d5117f9

  • SHA1

    2d0d029673966c5c98ff836f9c1a65d3826e91e6

  • SHA256

    687f82ebf8ec4f6228e56174d85062d2e3c3c12250aa7479b67810d5240148bf

  • SHA512

    bb59acd8547fc69a19b9bd29a490b72ee248c8a57d5005b332cec45644f43cb4625f20099b2ac92b7cd0571bc350ad2c1513066b87afd15ea0121522d26169e9

Malware Config

Extracted

Family

matiex

Credentials

  • Protocol: smtp
  • Host: srvc13.turhost.com
  • Port: 587
  • Username: [email protected]
  • Password: italik2015

Targets

    • Matiex

      Matiex is a keylogger and infostealer first seen in July 2020.

    • Matiex Main Payload

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Collection

    Email Collection - T1114 (1)