General
-
Target
13906e93879e0acf02ea85b074e5385b7fa080916b55687805a16e9004e0f2c7
-
Size
84KB
-
Sample
220521-b5ghhsgahm
-
MD5
376944ae1de8e4181797668fb81022da
-
SHA1
9e47cd037aced0e07483c77f3b031bbb23ade9d1
-
SHA256
13906e93879e0acf02ea85b074e5385b7fa080916b55687805a16e9004e0f2c7
-
SHA512
2b9cdc8abb59489d9bc6f0ebd41c32291531784ad22712cd1b3e2f44f20d189a779590a39a3699f38c20f4b15f5ce90ae454dff2a8677c7dde7998b3fbfadbe4
Malware Config
Extracted
matiex
https://api.telegram.org/bot1216271892:AAEn1Tw6TUedDgDlack_UbEaK5yRAySruSY/sendMessage?chat_id=1318177442
Targets
-
-
Target
window-defender-update.exe
-
Size
425KB
-
MD5
5521b99b3fddfd85d4e3deecd76ca528
-
SHA1
2d09ed2e854b11ec79dfd700c2c92d8b1b19fda3
-
SHA256
f8506d8f2b01e7443ce001edb1bf9bd307bcd8f8bcd57746d4472f8027fae489
-
SHA512
49eda27adb9f2a27710a8b472913ab02e71bbeedf35ad99f119daf4b4191c77f9dca692d74496ddc2322b93c71b5fe7299104582ea7d1c6743ae02418a67e664
Score10/10-
Matiex
Matiex is a keylogger and infostealer first seen in July 2020.
-
Matiex Main Payload
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-