General

  • Target

    Products Details and Order reference.exe

  • Size

    591KB

  • Sample

    211007-e9dtzabgh6

  • MD5

    4107bb08f0c20c1bafd7839f1bf77a8b

  • SHA1

    ba4daabff9037990d45c4cfafe4690a7fe2ddbfb

  • SHA256

    dd182afe8c89ecfb8d2d449f5e700d7ac09b979315238abf0cee1cdd65d6c27f

  • SHA512

    88b10d5719e82d69d80e2e9264b0e0c86bba686d127fcd7366fb0be5c71846c8a5013b4a6c96ed750242a9f88e5bd3504e9705580024ecf1106eea9b9b7dfe60

Malware Config

Extracted

Family

matiex

Credentials

  • Protocol:
    smtp
  • Host:
    mail.thts.vn
  • Port:
    25
  • Username:
    [email protected]
  • Password:
    123luongngan1989

Targets

    • Matiex

      Matiex is a keylogger and infostealer first seen in July 2020.

    • Matiex Main Payload

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Execution
    Scheduled Task (T1053): 1

  • Persistence
    Scheduled Task (T1053): 1

  • Privilege Escalation
    Scheduled Task (T1053): 1

  • Discovery
    System Information Discovery (T1082): 1

Tasks