Extracted

• • Target

    ac52db0c62fac74e6708635ac3db5f46.exe

  • Size

    343KB

  • MD5

    ac52db0c62fac74e6708635ac3db5f46

  • SHA1

    0f35104cb6938b60cabbaf6257975792d5399024

  • SHA256

    cd4d29b138b75a9d1a10fa7d724168ae155ef7779d97c042e8014b9ae6f93087

  • SHA512

    95953124e75a38ed27ad6e60cbe0f9e952d5d367237784a3c0b47ed7d5fa30846f61a575458e3880b8f0539924cfd029983aa46a137db5ff5152e82140df7925

  Score

  10^/10

  matiexkeyloggerstealercollectionspywaresuricata

  • Matiex

    Matiex is a keylogger and infostealer first seen in July 2020.

    stealerkeyloggermatiex

  • Matiex Main Payload

  • suricata: ET MALWARE Matiex Keylogger Exfil Via Telegram

    suricata: ET MALWARE Matiex Keylogger Exfil Via Telegram

    suricata

  • Loads dropped DLL

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2