General
-
Target
1b282409371bffd8a0958cfc23fec3f6df136c72f43471ac913f9b904c7a4687
-
Size
5.0MB
-
Sample
220520-2qs6waaghp
-
MD5
8db829ab4445100d2c17ff53f8de0c10
-
SHA1
f23a8912d4ba7d50c8a062bae3acac48ac4b78fd
-
SHA256
1b282409371bffd8a0958cfc23fec3f6df136c72f43471ac913f9b904c7a4687
-
SHA512
a670c51f89e6db3881ba5e743cd162544104584b0d1e6ca085375b9b323c976329565b48c70f0edb77d5ccf4ee4d8bbd6511fa426e677b7f49b28611e995c83a
Malware Config
Targets
-
-
Target
Payment receipt.exe
-
Size
4.9MB
-
MD5
21ce722319d2e436a23302c488c8e474
-
SHA1
8926922f8a66a95200513918c5370b3bef143be9
-
SHA256
c9e3b73cd0bfb2a80b1ac9b3e45272975bdac5ed76ac3f9a5a2e963d82370cca
-
SHA512
2fe3408605227f45b4cd11e2eb502aa9806665433c3144c93c0c2ef4580de9d755602f232d83c111b9d7e5399c8f080743abda332a77ae107842bac1910df0d7
Score10/10-
Matiex
Matiex is a keylogger and infostealer first seen in July 2020.
-
Matiex Main Payload
-
Modifies WinLogon for persistence
-
Modifies Windows Defender Real-time Protection settings
-
Drops startup file
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Windows security modification
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-