General
-
Target
9ef4e0f2ee00f17614f4eb5d39686051
-
Size
880KB
-
Sample
240216-apczqacc5s
-
MD5
9ef4e0f2ee00f17614f4eb5d39686051
-
SHA1
f1c0a8539699522b0f29a01ee99334d823e9d356
-
SHA256
5995d49dd8ebd718b0232c7eb37a8f81996be3f9d76b5c76bdcd2dbf09302648
-
SHA512
56b8c58c99bfe73944ff144faaae2a8dc6bb44c6cad4e4c5d82447f1d7085d5b78739111d387a08f6f6c4f5b8677f7ede4697816aee2b894d6029a1050ea12ed
-
SSDEEP
12288:u6csGI/cgDF5gHMm6oAuUSzdnyTLfhiWBB9zI8WuZGH/0yr63km62EObbo:uKLgsrZQxnynfhiQn4zrS2
Malware Config
Extracted
matiex
Protocol: smtp- Host:
mail.thts.vn - Port:
25 - Username:
[email protected] - Password:
123luongngan1989 - Email To:
[email protected]
Targets
-
-
Target
9ef4e0f2ee00f17614f4eb5d39686051
-
Size
880KB
-
MD5
9ef4e0f2ee00f17614f4eb5d39686051
-
SHA1
f1c0a8539699522b0f29a01ee99334d823e9d356
-
SHA256
5995d49dd8ebd718b0232c7eb37a8f81996be3f9d76b5c76bdcd2dbf09302648
-
SHA512
56b8c58c99bfe73944ff144faaae2a8dc6bb44c6cad4e4c5d82447f1d7085d5b78739111d387a08f6f6c4f5b8677f7ede4697816aee2b894d6029a1050ea12ed
-
SSDEEP
12288:u6csGI/cgDF5gHMm6oAuUSzdnyTLfhiWBB9zI8WuZGH/0yr63km62EObbo:uKLgsrZQxnynfhiQn4zrS2
Score10/10-
Matiex
Matiex is a keylogger and infostealer first seen in July 2020.
-
Matiex Main payload
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-