General

  • Target

    36e2aeb30102a06a4f2604140e273afc_JaffaCakes118

  • Size

    727KB

  • Sample

    240729-edxbfawdpd

  • MD5

    36e2aeb30102a06a4f2604140e273afc

  • SHA1

    e0af9024e33c8ce73624a4aa1dcf49cb2f49b2fd

  • SHA256

    dcc9ebbfe48ee7e19ca98d1a6f8232c17cb35618bcb654e32bcffda87166c22b

  • SHA512

    61df3c81e305e7f49bc2682ae874dc160ea302ee311f8955a5b2e939198fbe976b431b104021c37b5dfe994d390193c7de8215de2803a5f66a3b7ea2f2b6abb4

  • SSDEEP

    12288:Z9ZQhqP8e9sJEtbDgT4/stKVXFOBTJqv71AebFsV0NZtj8nAUXh5K:Z9ShqPFUestKVVITJMhnbFsVor6X

Malware Config

Extracted

Family

matiex

Credentials

  • Protocol:
    smtp
  • Host:
    ebop.website
  • Port:
    587
  • Username:
    info.center1@ebop.website
  • Password:
    P@ssw0rdP@ssw0rd
  • Email To:
    uchenna@greatdeck.co

Targets

    • Matiex

      Matiex is a keylogger and infostealer first seen in July 2020.

    • Matiex Main payload

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, the web browser's credential store.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, and infostealers often target it there.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks
