General
-
Target
ac889a9c7fddd398345ac822d705d9506501868ca167ee73f240f09e83b19d95
-
Size
578KB
-
Sample
220521-bp88laccc5
-
MD5
4e410bdacd240bb27a62ff3f80c04740
-
SHA1
4e420d7bac5b411c8eb6f57ce90cffda18c99ecd
-
SHA256
ac889a9c7fddd398345ac822d705d9506501868ca167ee73f240f09e83b19d95
-
SHA512
3559c33f4211a876c36817958ab6338cdc8f2a8a8c7c5ea78224963f5bcf5f016f4f85ca77d33304b8afa8f6b6c7a9d78d0cae4f394b19bfd66f1e6b8023e80b
Malware Config
Extracted
matiex
Protocol: smtp- Host:
mail.ecg-ingenieria.mx - Port:
26 - Username:
k1@ecg-ingenieria.mx - Password:
l,0lw1B3YNrK
Targets
-
-
Target
ADHOC RFQ-97571784.exe
-
Size
755KB
-
MD5
5cfb7ea9e09e9374040d0cf7f2587003
-
SHA1
c7c0b492a8747d7260fc1467c766352d3bf1e4a6
-
SHA256
631e49665cad856917197537e97eef1e1f442428e3992ea20922ddf3564aba95
-
SHA512
85ff95de6635a8f1355cf90d67b470fe62e7fe6d975d53bb9ba220c56d30a91a6ad1b976a7e030b18482fa6cb2de2bc72f46f8b65e443d64c3386b02946baeb9
Score10/10-
Matiex
Matiex is a keylogger and infostealer first seen in July 2020.
-
Matiex Main Payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-