General

  • Target

    6d63ce63a5e3739b672cee98df82016b785931edd059568123d6dc4f0676ed48

  • Size

    547KB

  • Sample

    220520-2fwt1sfcc9

  • MD5

    463a6246797ffb03ba873b7ec7529c14

  • SHA1

    7c669a1e5b230a2f175e3e7e76f9473626279586

  • SHA256

    6d63ce63a5e3739b672cee98df82016b785931edd059568123d6dc4f0676ed48

  • SHA512

    67da2b28da264b2f5c9655da7c1cd6e6c37e8ccda65853fbdbd783a7686881c4cb0147746e9f7689541ab05089ccf22a804f0144cc3e4507b872a652b68a0c56

Malware Config

Extracted

Family

matiex

Credentials

  • Protocol: smtp
  • Host: mail.ecg-ingenieria.mx
  • Port: 26
  • Username: k1@ecg-ingenieria.mx
  • Password: l,0lw1B3YNrK

Targets

    • Target

      ADHOC RFQ-97571784.exe

    • Size

      752KB

    • MD5

      3b6a5dff660d98b9bf28fcd5d405f730

    • SHA1

      ff5edd294f28d909cdc7bda80d2c9cdb217684f0

    • SHA256

      3cb6e41efa5dff6ef7957b9ae07c6b47f2ec35bc88889424d83ca3e96bcf3922

    • SHA512

      3b031fbbbd6921659bd8ca68e50870128cb9e938552b72386c70a7288bf6b03a655da514f033f89d8a461019f8b54deb79a4a6c162989a052bdee81b5273fcee

    • Matiex

      Matiex is a keylogger and infostealer first seen in July 2020.

    • Matiex Main Payload

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
