General
-
Target
b49831da526c73193082d584fcd03c62.exe
-
Size
719KB
-
Sample
230113-vbnvaaae74
-
MD5
b49831da526c73193082d584fcd03c62
-
SHA1
cd7efc3db0b67615e2b28b67077908ef0d70997c
-
SHA256
d7b79a3b233e302c0565522ee309e0eebb3bcf4309370f439cd228a829ea07cf
-
SHA512
f3e12fe112757d50ef4e8a41d035f2d629de9377fad96eb8754ad66af7f93600c02152403f8a4c309504b5b264e67988fa667638d605e07b820f4e9671dd04ff
-
SSDEEP
12288:pXcqhWkdzkMWzcw9OsOSsyRvy1u7kqtf2ssp2JcPpHL4JiV8qGV3wGa7Y8vh4HZI:pXc/SzGzc8OsO9yRvlD2ssp2eRHksiG5
Malware Config
Targets
-
-
Target
b49831da526c73193082d584fcd03c62.exe
-
Size
719KB
-
MD5
b49831da526c73193082d584fcd03c62
-
SHA1
cd7efc3db0b67615e2b28b67077908ef0d70997c
-
SHA256
d7b79a3b233e302c0565522ee309e0eebb3bcf4309370f439cd228a829ea07cf
-
SHA512
f3e12fe112757d50ef4e8a41d035f2d629de9377fad96eb8754ad66af7f93600c02152403f8a4c309504b5b264e67988fa667638d605e07b820f4e9671dd04ff
-
SSDEEP
12288:pXcqhWkdzkMWzcw9OsOSsyRvy1u7kqtf2ssp2JcPpHL4JiV8qGV3wGa7Y8vh4HZI:pXc/SzGzc8OsO9yRvlD2ssp2eRHksiG5
Score10/10-
Matiex
Matiex is a keylogger and infostealer first seen in July 2020.
-
Matiex Main payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-