Overview

overview

10

Static

static

tmp/vbc.exe

windows7_x64

10

tmp/vbc.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    tmp/vbc.exe

  • Size

    1.4MB

  • Sample

    211214-q3p47sggfp

  • MD5

    3668f9be040098859e662ba94616cc51

  • SHA1

    3b3ec4ac86c462747a2190c33ca2a4588fcc9310

  • SHA256

    b190c0b66428b594f7507ae98fcc45e1907cb9cdf618919002791241ae94280f

  • SHA512

    54fa8de69114af4fc8ccfa5ef11a82587d3b74b5fa80e6e8d1683e5ce997db5d6ffc1b133ebcf97c226c2aad928696198392faaf184486685f0aa2a048a43dd3

Score
10/10
matiexkeyloggerstealer

Malware Config

Extracted

Family

matiex

C2

https://api.telegram.org/bot1769394961:AAF5BB35akL859CwVaXypIqpVsGWlaKvi7A/sendMessage?chat_id=1735544933

Targets

    • Target

      tmp/vbc.exe

    • Size

      1.4MB

    • MD5

      3668f9be040098859e662ba94616cc51

    • SHA1

      3b3ec4ac86c462747a2190c33ca2a4588fcc9310

    • SHA256

      b190c0b66428b594f7507ae98fcc45e1907cb9cdf618919002791241ae94280f

    • SHA512

      54fa8de69114af4fc8ccfa5ef11a82587d3b74b5fa80e6e8d1683e5ce997db5d6ffc1b133ebcf97c226c2aad928696198392faaf184486685f0aa2a048a43dd3

    Score
    10/10
    matiexkeyloggerstealer

    • Matiex

      Matiex is a keylogger and infostealer first seen in July 2020.

      stealerkeyloggermatiex

    • Matiex Main Payload

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

1
T1064

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Scripting

1
T1064

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks