General

  • Target

    7ab64e35c5907423159e5257e38154b671c88b9b96808ae73c8dff6b9ae9ed63

  • Size

    187KB

  • Sample

    220508-hamvdahdh4

  • MD5

    3f6af7853bb4ccf152c7034aa908fa71

  • SHA1

    698a08dc0ae407391b20b304f49e09bfd29c4193

  • SHA256

    7ab64e35c5907423159e5257e38154b671c88b9b96808ae73c8dff6b9ae9ed63

  • SHA512

    2cfc51f46c0e97d1b28f9762fb7843c5bcbab8f01fadbc19c0760dea12391c95f6f7874ff29732bbaeec6eca251c15941d6e19152dcae024dec19d1d4675ec26

Malware Config

Extracted

Family

matiex

Credentials

  • Protocol:
    smtp
  • Host:
    smtp.yandex.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    Goodness123x

Targets

    • Target

      7ab64e35c5907423159e5257e38154b671c88b9b96808ae73c8dff6b9ae9ed63

    • Size

      187KB

    • MD5

      3f6af7853bb4ccf152c7034aa908fa71

    • SHA1

      698a08dc0ae407391b20b304f49e09bfd29c4193

    • SHA256

      7ab64e35c5907423159e5257e38154b671c88b9b96808ae73c8dff6b9ae9ed63

    • SHA512

      2cfc51f46c0e97d1b28f9762fb7843c5bcbab8f01fadbc19c0760dea12391c95f6f7874ff29732bbaeec6eca251c15941d6e19152dcae024dec19d1d4675ec26

    • Matiex

      Matiex is a keylogger and infostealer first seen in July 2020.

    • Matiex Main Payload

    • Disables Task Manager via registry modification

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Matrix ATT&CK v6

Defense Evasion

Install Root Certificate

1
T1130

Modify Registry

1
T1112

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Tasks