General
-
Target
f0079ac02b02f1ab654c37403e1548302d2db53e1c1040fdcafe40c3e1f0fb9a
-
Size
445KB
-
Sample
231208-bwjlhshg91
-
MD5
825601aec0eaade1a44ea4a8c8e33f4d
-
SHA1
1c25ffcef61773180aeb1a4f691d7b84346bce9d
-
SHA256
f0079ac02b02f1ab654c37403e1548302d2db53e1c1040fdcafe40c3e1f0fb9a
-
SHA512
60927ffe89175d899d4daf233740a98dae0dc0a65aad6fe1e6f04ecfa6131134e2b586dcfa6f252644c361c7dd17e2c21bb0198e3da657f2cdf272adc6ee3a0f
-
SSDEEP
3072:kokkBzx1kzVKqZp9j1wDRllK80CEZNxGJVlAHsaSzR/MzAZP6N4Fl:7Bz/uVKqZ3jCDRllJGHsaSzR/EAZPQC
Malware Config
Extracted
matiex
Protocol: smtp- Host:
mail.miners-gold.com - Port:
587 - Username:
[email protected] - Password:
Ff3sLt@LmpF$ - Email To:
[email protected]
Targets
-
-
Target
f0079ac02b02f1ab654c37403e1548302d2db53e1c1040fdcafe40c3e1f0fb9a
-
Size
445KB
-
MD5
825601aec0eaade1a44ea4a8c8e33f4d
-
SHA1
1c25ffcef61773180aeb1a4f691d7b84346bce9d
-
SHA256
f0079ac02b02f1ab654c37403e1548302d2db53e1c1040fdcafe40c3e1f0fb9a
-
SHA512
60927ffe89175d899d4daf233740a98dae0dc0a65aad6fe1e6f04ecfa6131134e2b586dcfa6f252644c361c7dd17e2c21bb0198e3da657f2cdf272adc6ee3a0f
-
SSDEEP
3072:kokkBzx1kzVKqZp9j1wDRllK80CEZNxGJVlAHsaSzR/MzAZP6N4Fl:7Bz/uVKqZ3jCDRllJGHsaSzR/EAZPQC
Score10/10-
Matiex
Matiex is a keylogger and infostealer first seen in July 2020.
-
Matiex Main payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-