Overview

overview

10

Static

static

3

ac52db0c62...18.exe

windows7-x64

10

ac52db0c62...18.exe

windows10-2004-x64

7

$PLUGINSDI...xz.dll

windows7-x64

10

$PLUGINSDI...xz.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ac52db0c62fac74e6708635ac3db5f46_JaffaCakes118

  • Size

    343KB

  • Sample

    240404-b81qkabg34

  • MD5

    ac52db0c62fac74e6708635ac3db5f46

  • SHA1

    0f35104cb6938b60cabbaf6257975792d5399024

  • SHA256

    cd4d29b138b75a9d1a10fa7d724168ae155ef7779d97c042e8014b9ae6f93087

  • SHA512

    95953124e75a38ed27ad6e60cbe0f9e952d5d367237784a3c0b47ed7d5fa30846f61a575458e3880b8f0539924cfd029983aa46a137db5ff5152e82140df7925

  • SSDEEP

    6144:b8LxBBXsxzzxq3YgkqzS7M3TJcEghkLd199Tx5KN/Dv+JffuK1IDBgdugb:ysRzxq3wqzSmTJ9L5KNCfWK1cBxgb

Score
10/10
matiexcollectionkeyloggerspywarestealer

Malware Config

Extracted

Family

matiex

C2

https://api.telegram.org/bot1395392888:AAFrJovDdZICOFB0gX0eGWrAUzEKCRpv8xo/sendMessage?chat_id=1300181783

Targets

    • Target

      ac52db0c62fac74e6708635ac3db5f46_JaffaCakes118

    • Size

      343KB

    • MD5

      ac52db0c62fac74e6708635ac3db5f46

    • SHA1

      0f35104cb6938b60cabbaf6257975792d5399024

    • SHA256

      cd4d29b138b75a9d1a10fa7d724168ae155ef7779d97c042e8014b9ae6f93087

    • SHA512

      95953124e75a38ed27ad6e60cbe0f9e952d5d367237784a3c0b47ed7d5fa30846f61a575458e3880b8f0539924cfd029983aa46a137db5ff5152e82140df7925

    • SSDEEP

      6144:b8LxBBXsxzzxq3YgkqzS7M3TJcEghkLd199Tx5KN/Dv+JffuK1IDBgdugb:ysRzxq3wqzSmTJ9L5KNCfWK1cBxgb

    Score
    10/10
    matiexcollectionkeyloggerspywarestealer

    • Matiex

      Matiex is a keylogger and infostealer first seen in July 2020.

      stealerkeyloggermatiex

    • Matiex Main payload

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

    • Target

      $PLUGINSDIR/lqwipxz.dll

    • Size

      17KB

    • MD5

      148e2440033d4c9c35f68f4072ba5d1e

    • SHA1

      480b6d0a378fa7e785e79de7e0f757dd7e8124e3

    • SHA256

      47094fa8accf250c8df2021a0180140be6f1091415d44e9927e5ed6ba6c60bb4

    • SHA512

      1a272ef57ad29b3481a1f18530168d1af7cc6a20bef32249412e0eadcc7dbd306157c3b8fca971ac21bde9cf7229370124cce29038bd3cc1ef93a03008c0367d

    • SSDEEP

      384:mD4wra/y5RdIX0lcjIbqjC+/6ztBp9+JTjL:K4wrNp60lC8+C+/OpuTj

    Score
    10/10
    matiexcollectionkeyloggerspywarestealer

    • Matiex

      Matiex is a keylogger and infostealer first seen in July 2020.

      stealerkeyloggermatiex

    • Matiex Main payload

    • Blocklisted process makes network request

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral3behavioral4

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

4
T1552

Credentials In Files

4
T1552.001

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Data from Local System

4
T1005

Email Collection

2
T1114

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks