General

  • Target

    7f1949b61c8727e782c3f2cb7aafe7b062e92dc6dca20dab8a0cf03ea6cbeca7

  • Size

    424KB

  • Sample

    220521-n6hhesefh3

  • MD5

    1095828301dd1c188aa266ce3915d7a5

  • SHA1

    380da0f31a5981b5155597e409820080d09aa2a4

  • SHA256

    7f1949b61c8727e782c3f2cb7aafe7b062e92dc6dca20dab8a0cf03ea6cbeca7

  • SHA512

    6de0c6d8d498cf41a1009d4676b1ab8c89d7fd7d4e0e48ef96e314a3ccdee6b24fc2ad4847325c90f2cb6f4029da47b58dd3c838c6f1898a324f9a82f6a42851

Malware Config

Extracted

Family

matiex

Credentials

  • Protocol:
    smtp
  • Host:
    srvc13.turhost.com
  • Port:
    587
  • Username:
    info@bilgitekdagitim.com
  • Password:
    italik2015

Targets

    • Target

      T.HALK BANKASI A.S...17.08.2020 Hesap Ekstresi.exe

    • Size

      468KB

    • MD5

      3f20d10fe2e1bc476bf1b6d4465e71eb

    • SHA1

      3f8dbcd0831ec76afd558b280054f23886fb4c7f

    • SHA256

      3f7f872fea7066d980a443d82e9ec8c3c97fddd2f658b24919589bbdf4de1bcc

    • SHA512

      f8f29a16dffb0766678b26859f62bc595814660889a650dc330c40969bab7eda90b7934a96260c42891341671b89537f20321b4980dd0f97c413f2b9c8cad7cf

    • Matiex

      Matiex is a keylogger and infostealer first seen in July 2020.

    • Matiex Main Payload

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Credential Access

Credentials in Files

2
T1081

Collection

Data from Local System

2
T1005

Email Collection

1
T1114

Tasks