matiex | d19dc1aef457a11c415d41b9bec1f6e7679b20aacc6771f789c66701be2d9a10 | Triage

Submit
Reports

Overview

overview

Static

static

28f416d3d1...30.exe

windows7_x64

28f416d3d1...30.exe

windows10_x64

Sharing

General

Target

28f416d3d15990c1f3496f1f50e27430.exe
Size

851KB
Sample

210910-t9j4badeaq
MD5

28f416d3d15990c1f3496f1f50e27430
SHA1

f894aba5978f920d54d054add03f2e4b6e06b199
SHA256

d19dc1aef457a11c415d41b9bec1f6e7679b20aacc6771f789c66701be2d9a10
SHA512

aef4a944ad31362a50351b53b070219aa533bec721f536c13f77ccb244cc723946e4462a7a6e78a18c5ff433ed2969821979ca499eb60429e8a20ddc61b4c20d

Score

10^/10

matiex keylogger persistence spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

28f416d3d15990c1f3496f1f50e27430.exe

Resource

win7-en

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

28f416d3d15990c1f3496f1f50e27430.exe

Resource

win10-en

matiex keylogger persistence spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  28f416d3d15990c1f3496f1f50e27430.exe
- Size
  
  851KB
- MD5
  
  28f416d3d15990c1f3496f1f50e27430
- SHA1
  
  f894aba5978f920d54d054add03f2e4b6e06b199
- SHA256
  
  d19dc1aef457a11c415d41b9bec1f6e7679b20aacc6771f789c66701be2d9a10
- SHA512
  
  aef4a944ad31362a50351b53b070219aa533bec721f536c13f77ccb244cc723946e4462a7a6e78a18c5ff433ed2969821979ca499eb60429e8a20ddc61b4c20d
Score

10^/10

matiex keylogger persistence spyware stealer
- Matiex
  Matiex is a keylogger and infostealer first seen in July 2020.
  stealer keylogger matiex
- Matiex Main Payload
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

matiexkeyloggerpersistencespywarestealer

© 2018-2024

Terms | Privacy