General

  • Target

    4c68c1e4fd2d8f01655223f1032b985e0d14a6539d7d9ce6fbf985bdbb04f813

  • Size

    1.5MB

  • Sample

    220521-b5drmadac4

  • MD5

    fe053c8f36f76bdf802410e7b2579093

  • SHA1

    0c1aa8abb52946982d7b69f7b85f6b415d6e8705

  • SHA256

    4c68c1e4fd2d8f01655223f1032b985e0d14a6539d7d9ce6fbf985bdbb04f813

  • SHA512

    b001420472e2cdc90eaf3383d495801ba0c26c87748e22561600a65715166ec610c60dbad143461c0f54ebd44c8da84aeebaa45c31cc6c8c5c6a1b8a28c50f96

Malware Config

Targets

    • Target

      file00.exe

    • Size

      5.7MB

    • MD5

      54d096ce65a1e470369d4eebed99f339

    • SHA1

      0b9e9dda0a265bee3c45b82d38fa8508aa034235

    • SHA256

      d680214c548a039dc97e53e8e4a81d25a77cac43cdf7246616b345a70d5bf04a

    • SHA512

      c009d1d74cab8d0f12f1c643bf793aa7aafbe9f8f12b517b2f22e28159d1b064653539e265ca946b39f956659a70a0cfd0302f6e1aa4980227d09f2479559319

    • Matiex

      Matiex is a keylogger and infostealer first seen in July 2020.

    • Matiex Main Payload

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Credential Access

Credentials in Files

2
T1081

Collection

Data from Local System

2
T1005

Email Collection

1
T1114

Tasks