General
-
Target
5772340cf31a79bda48233f83129000e1251729177d89f673c78a03611d478ce
-
Size
494KB
-
Sample
220511-c4nqwadgf7
-
MD5
1b877b7ef603ff7b253dec28404d1a39
-
SHA1
b5e184b39159b9a7c05993e8aaa3fd405bf5b27a
-
SHA256
5772340cf31a79bda48233f83129000e1251729177d89f673c78a03611d478ce
-
SHA512
0eae1eceb638fc3df6d8a9a23ef1b69f4ae2ab49aa11496fb8a5261045704bf76e58ccc1a4e9e2dc1f50dc98d1ae582de6f37366432e558fab0b0ebb0f3961fd
Malware Config
Extracted
matiex
Protocol: smtp- Host:
srvc13.turhost.com - Port:
587 - Username:
[email protected] - Password:
italik2015
Targets
-
-
Target
5772340cf31a79bda48233f83129000e1251729177d89f673c78a03611d478ce
-
Size
494KB
-
MD5
1b877b7ef603ff7b253dec28404d1a39
-
SHA1
b5e184b39159b9a7c05993e8aaa3fd405bf5b27a
-
SHA256
5772340cf31a79bda48233f83129000e1251729177d89f673c78a03611d478ce
-
SHA512
0eae1eceb638fc3df6d8a9a23ef1b69f4ae2ab49aa11496fb8a5261045704bf76e58ccc1a4e9e2dc1f50dc98d1ae582de6f37366432e558fab0b0ebb0f3961fd
Score10/10-
Matiex
Matiex is a keylogger and infostealer first seen in July 2020.
-
Matiex Main Payload
-
Looks for VirtualBox Guest Additions in registry
-
Looks for VMWare Tools registry key
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-