General
-
Target
baff05977681e02ac5c004975c9033ede364ce7e18e660dc51a58917745057bb
-
Size
291KB
-
Sample
220521-nd8txagfeq
-
MD5
8bd8d8edec26d2d48e4335cc29e3d112
-
SHA1
9e01a547209c209019d5b3d5feab2bb3af9498b7
-
SHA256
baff05977681e02ac5c004975c9033ede364ce7e18e660dc51a58917745057bb
-
SHA512
37694d7495b530b0851a4274f4e8f3ee97d090052d4687faabc8ce48e9af9daaedc1a7a60993e48bde5f3aaf331d7a8097e6f141f57dac0d74aad3a9c7b8e094
Malware Config
Extracted
matiex
Protocol: smtp- Host:
matrixyarn.com - Port:
587 - Username:
bala@matrixyarn.com - Password:
12bala12
Targets
-
-
Target
Proforma Invoice.exe
-
Size
332KB
-
MD5
64ad519e93364e83854d0447c5dbbade
-
SHA1
76702fc45937a91c4b52f2174c22b827eed22f7c
-
SHA256
a0fb0bec2f23bac8669541f20dc961c96cc74028a0fe96b272d0aad470e67837
-
SHA512
359e7f95e1d056f01d1bca3761f0bf5ba123a6e9cb3e9bbb873dab771c81cfb60f6453727eb1efa039b51edc2d9c3edb948d7c6f0642f1ee7b10b40d0f250c8a
Score10/10-
Matiex
Matiex is a keylogger and infostealer first seen in July 2020.
-
Matiex Main Payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-