General
-
Target
0b52424adb115b1336d084cf0cfbb73e_JaffaCakes118
-
Size
715KB
-
Sample
240501-hql8sace77
-
MD5
0b52424adb115b1336d084cf0cfbb73e
-
SHA1
084e85f67c1743bc12a6bdea960a3fd34025cf51
-
SHA256
0ed96cf4589be7b6b9b9562a165f4587ecf61e70a4958fb524f75c8b7c0b3fc9
-
SHA512
4e162fdb73d382a85959c613cce961424e50e1b524b36ce82bfb44cd4f0f00ae547f84ab52201c9fa88d9f70e1a36c81635808895d8b7e1ab7d47f6ab1cca95c
-
SSDEEP
12288:RDhxrUNCKpoxLfz7SzJHtODOWFg3W/jwG4cxxPtUU+GwGp:xWCcoxjqJHt0Hg3ijwJ4z+Sp
Malware Config
Extracted
matiex
https://api.telegram.org/bot1327331385:AAFaAF38_aAo1cyYYTIEnuc9sIJxwBlO_i4/sendMessage?chat_id=1055082792
Targets
-
-
Target
0b52424adb115b1336d084cf0cfbb73e_JaffaCakes118
-
Size
715KB
-
MD5
0b52424adb115b1336d084cf0cfbb73e
-
SHA1
084e85f67c1743bc12a6bdea960a3fd34025cf51
-
SHA256
0ed96cf4589be7b6b9b9562a165f4587ecf61e70a4958fb524f75c8b7c0b3fc9
-
SHA512
4e162fdb73d382a85959c613cce961424e50e1b524b36ce82bfb44cd4f0f00ae547f84ab52201c9fa88d9f70e1a36c81635808895d8b7e1ab7d47f6ab1cca95c
-
SSDEEP
12288:RDhxrUNCKpoxLfz7SzJHtODOWFg3W/jwG4cxxPtUU+GwGp:xWCcoxjqJHt0Hg3ijwJ4z+Sp
Score10/10-
Matiex
Matiex is a keylogger and infostealer first seen in July 2020.
-
Matiex Main payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-