General
-
Target
ee012ccf95286d03ea9cc4d508fee46e_JaffaCakes118
-
Size
780KB
-
Sample
240411-wfpstagf64
-
MD5
ee012ccf95286d03ea9cc4d508fee46e
-
SHA1
03d86e7dad5b312e03bd3d928c1514f293d79051
-
SHA256
2f9c6244fa0ed0d62188100de444fdd5244a3930ba845d5615322ff89e85bbf8
-
SHA512
c9c95663c3a5e25d8e0d97870387b7ca7a735409297655c590f3117299b3feda7c47dd476ac8e207259f5ead961fe77dbbc5f1b3a2defbb99531bf78e3d656f2
-
SSDEEP
12288:0l6ttSwR5amrYMNygJvPch2tFbwv7IhpSxITamCTnKeWzzJnWqN2Ev2K1Bc5BmM0:ryk5nCIhx6B
Malware Config
Extracted
matiex
https://api.telegram.org/bot1395392888:AAFrJovDdZICOFB0gX0eGWrAUzEKCRpv8xo/sendMessage?chat_id=1300181783
Targets
-
-
Target
ee012ccf95286d03ea9cc4d508fee46e_JaffaCakes118
-
Size
780KB
-
MD5
ee012ccf95286d03ea9cc4d508fee46e
-
SHA1
03d86e7dad5b312e03bd3d928c1514f293d79051
-
SHA256
2f9c6244fa0ed0d62188100de444fdd5244a3930ba845d5615322ff89e85bbf8
-
SHA512
c9c95663c3a5e25d8e0d97870387b7ca7a735409297655c590f3117299b3feda7c47dd476ac8e207259f5ead961fe77dbbc5f1b3a2defbb99531bf78e3d656f2
-
SSDEEP
12288:0l6ttSwR5amrYMNygJvPch2tFbwv7IhpSxITamCTnKeWzzJnWqN2Ev2K1Bc5BmM0:ryk5nCIhx6B
Score10/10-
Detect ZGRat V1
-
Matiex
Matiex is a keylogger and infostealer first seen in July 2020.
-
Matiex Main payload
-
ZGRat
ZGRat is remote access trojan written in C#.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-