Overview

overview

10

Static

static

8e5e31f5dd...9a.exe

windows7_x64

10

8e5e31f5dd...9a.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    8e5e31f5dd73631eddc2cb57e0f48a9a

  • Size

    1.5MB

  • Sample

    211209-sbk3aacce5

  • MD5

    8e5e31f5dd73631eddc2cb57e0f48a9a

  • SHA1

    13bd3cf85edef10be8b60c96334eda4f30eda0ba

  • SHA256

    356c38de132ad392f3155f48d11f97efbd7892a04499aea67dab5a76e85cb68d

  • SHA512

    43cf5099575d698ffbd13dc82aa76e2358629d52217cd9d019acfb52c87a29e1ef9750dee756d164787544c76cc68464b014e3f17b3236467952ef95215a94d1

Score
10/10
matiexcollectionkeyloggerspywarestealer

Malware Config

Extracted

Family

matiex

C2

https://api.telegram.org/bot1769394961:AAF5BB35akL859CwVaXypIqpVsGWlaKvi7A/sendMessage?chat_id=1735544933

Targets

    • Target

      8e5e31f5dd73631eddc2cb57e0f48a9a

    • Size

      1.5MB

    • MD5

      8e5e31f5dd73631eddc2cb57e0f48a9a

    • SHA1

      13bd3cf85edef10be8b60c96334eda4f30eda0ba

    • SHA256

      356c38de132ad392f3155f48d11f97efbd7892a04499aea67dab5a76e85cb68d

    • SHA512

      43cf5099575d698ffbd13dc82aa76e2358629d52217cd9d019acfb52c87a29e1ef9750dee756d164787544c76cc68464b014e3f17b3236467952ef95215a94d1

    Score
    10/10
    matiexcollectionkeyloggerspywarestealer

    • Matiex

      Matiex is a keylogger and infostealer first seen in July 2020.

      stealerkeyloggermatiex

    • Matiex Main Payload

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

3
T1081

Discovery

Lateral Movement

Collection

Data from Local System

3
T1005

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks