Overview

overview

10

Static

static

Ref 299839...ry.exe

windows7_x64

10

Ref 299839...ry.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Ref 2998390020 purchasing inquiry.rar

  • Size

    380KB

  • Sample

    211003-gjn85afbfj

  • MD5

    ba9a50644b51032318fba8b4feece352

  • SHA1

    f1ec4b3f9a65726f15681235b5a52b6d82b5c46e

  • SHA256

    591b179d161ffb99cf404c3c2a2ef5ed93452dd737c6c91bc3182838961fa295

  • SHA512

    a9b0ca29cf809d4e849f35ec1ab54fc17263230c3fb34ca42f22ffa66e222c4e4a382506ed26bc905fccda27213a5821729b6dca08565b62335ad2e2bf3de6ea

Score
10/10
matiexkeyloggerspywarestealer

Malware Config

Extracted

Family

matiex

Credentials

  • Protocol:     smtp
  • Host:
    mail.thts.vn
  • Port:
    25
  • Username:
    [email protected]
  • Password:
    123luongngan1989

Extracted

Credentials

  • Protocol:     smtp
  • Host:
    mail.thts.vn
  • Port:
    25
  • Username:
    [email protected]
  • Password:
    123luongngan1989

Targets

    • Target

      Ref 2998390020 purchasing inquiry.exe

    • Size

      442KB

    • MD5

      4db15735772716ead8b0a838c67f91c6

    • SHA1

      e7770b8a8d3d092f3bd38de265890f6cf17d1406

    • SHA256

      5d65c8c1dbe91d020fe6dfefe37ef17651aaead257fdd7f24aa08b9a38cbb8fc

    • SHA512

      38f0d118a3dfdb2ca0a0fd64b23cde9cdd76c410b85fa1f69dd164b121a25c213ea5dff75a7ab658c57cd5b7822cc16f7e19bcdeb63d202271065147cb22cc4c

    Score
    10/10
    matiexkeyloggerstealerspyware

    • Matiex

      Matiex is a keylogger and infostealer first seen in July 2020.

      stealerkeyloggermatiex

    • Matiex Main Payload

    • Drops startup file

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Credentials in Files

3
T1081

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Data from Local System

3
T1005

Exfiltration

Command and Control

Impact

Tasks