General

  • Target

    ac755e035a8d5d91395277e4283d83198e820d743924698b863439aa8a82a340

  • Size

    963KB

  • Sample

    220508-g8q41shdc6

  • MD5

    99d104f5701496f3e10e96cfa898a50d

  • SHA1

    6f83c38fcb9c2fecc06875854ea9e3cd91d3a973

  • SHA256

    ac755e035a8d5d91395277e4283d83198e820d743924698b863439aa8a82a340

  • SHA512

    3285507f051a27eb1f37e774ea004ccb28ab94fa764ca0a45c06d4d6ed8c9b02be7a5e11749f721ac4f115296e32cc4308b90b91d1e94663beef9809f8788eec

Malware Config

Extracted

Family

matiex

Credentials

  • Protocol:
    smtp
  • Host:
    us2.smtp.mailhostbox.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    ze5qw@iC?1E}

Targets

    • Target

      ac755e035a8d5d91395277e4283d83198e820d743924698b863439aa8a82a340

    • Size

      963KB

    • MD5

      99d104f5701496f3e10e96cfa898a50d

    • SHA1

      6f83c38fcb9c2fecc06875854ea9e3cd91d3a973

    • SHA256

      ac755e035a8d5d91395277e4283d83198e820d743924698b863439aa8a82a340

    • SHA512

      3285507f051a27eb1f37e774ea004ccb28ab94fa764ca0a45c06d4d6ed8c9b02be7a5e11749f721ac4f115296e32cc4308b90b91d1e94663beef9809f8788eec

    • Matiex

      Matiex is a keylogger and infostealer first seen in July 2020.

    • Matiex Main Payload

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Defense Evasion

Install Root Certificate

1
T1130

Modify Registry

1
T1112

Credential Access

Credentials in Files

2
T1081

Collection

Data from Local System

2
T1005

Email Collection

1
T1114

Tasks