General

  • Target

    d99b8e6673cd8a25487bbea1856080fe.exe

  • Size

    446KB

  • Sample

    220801-h1392sdhb7

  • MD5

    d99b8e6673cd8a25487bbea1856080fe

  • SHA1

    68ccd5f609e44f25dbfd0f518a0a770aeda31444

  • SHA256

    2fa98cd82e882a468f4dce16d59f30faa6acd4ce3a22fcacbe7325702f3178ab

  • SHA512

    5dfb9017ceaf4a1d951c52eee4aea2bebd47356bb1b313ca07260a6cc12d0d960b5e27a8da9c7c5db823721e60a6247433081f1801447ec59de9031eef47e00f

Malware Config

Extracted

Family

matiex

Credentials

  • Protocol:
    smtp
  • Host:
    smpt.mail.ru
  • Port:
    25
  • Username:
    man.scary@bk.ru
  • Password:
    Woody123A

Targets

    • Target

      d99b8e6673cd8a25487bbea1856080fe.exe

    • Size

      446KB

    • MD5

      d99b8e6673cd8a25487bbea1856080fe

    • SHA1

      68ccd5f609e44f25dbfd0f518a0a770aeda31444

    • SHA256

      2fa98cd82e882a468f4dce16d59f30faa6acd4ce3a22fcacbe7325702f3178ab

    • SHA512

      5dfb9017ceaf4a1d951c52eee4aea2bebd47356bb1b313ca07260a6cc12d0d960b5e27a8da9c7c5db823721e60a6247433081f1801447ec59de9031eef47e00f

    • Matiex

      Matiex is a keylogger and infostealer first seen in July 2020.

    • Matiex Main payload

    • Drops startup file

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Matrix ATT&CK v6

Credential Access

Credentials in Files

2
T1081

Collection

Data from Local System

2
T1005

Email Collection

1
T1114

Tasks