General
-
Target
638d983d397e9ce408d91ae82b632106.exe
-
Size
640KB
-
Sample
230213-r5zxvsdh46
-
MD5
638d983d397e9ce408d91ae82b632106
-
SHA1
477a1c06ff37abf3494373de86cfbf2d44d6bc1f
-
SHA256
9fe57643fb90f5f1ca560a6a9861296d58290795f061f22b15dd19dcfeb882bc
-
SHA512
04053481e52235cc3b6f2a21ccfd92ad9c448c80c9560ecd9ea03a0c9d771843e6830b03a0c9a2ec488a6855e0f13470f4beef3ef14608587850ecc92965e2c5
-
SSDEEP
12288:aCe8LxGQ7MRSRAsDYeQBWlWc4b70eU06zTwjZ++R5Mi6/ZVgCp0TLAXZoCzZW:aN88Q7aQjDYLWlhW7JUyZ++R5PyZ5pcQ
Malware Config
Extracted
matiex
Protocol: smtp- Host:
srvc13.turhost.com - Port:
587 - Username:
[email protected] - Password:
italik2015
Targets
-
-
Target
638d983d397e9ce408d91ae82b632106.exe
-
Size
640KB
-
MD5
638d983d397e9ce408d91ae82b632106
-
SHA1
477a1c06ff37abf3494373de86cfbf2d44d6bc1f
-
SHA256
9fe57643fb90f5f1ca560a6a9861296d58290795f061f22b15dd19dcfeb882bc
-
SHA512
04053481e52235cc3b6f2a21ccfd92ad9c448c80c9560ecd9ea03a0c9d771843e6830b03a0c9a2ec488a6855e0f13470f4beef3ef14608587850ecc92965e2c5
-
SSDEEP
12288:aCe8LxGQ7MRSRAsDYeQBWlWc4b70eU06zTwjZ++R5Mi6/ZVgCp0TLAXZoCzZW:aN88Q7aQjDYLWlhW7JUyZ++R5PyZ5pcQ
Score10/10-
Matiex
Matiex is a keylogger and infostealer first seen in July 2020.
-
Matiex Main payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-