General

  • Target

    467890987654323456789098765432345678.exe

  • Size

    299KB

  • Sample

    220127-p8n9esdde2

  • MD5

    e04c69c79193ccaac508fe7279a1804f

  • SHA1

    75930a5d0e35815f213475e7af644f19f4ed14bf

  • SHA256

    56f473eb624769a6eb77762eba09ecfbb6e25f513e4280207de5ae06663e5452

  • SHA512

    fcf2671f30495f16fe2a8399f2536bb2e193ea774aa5e0f6f30f861eb0f145a43217522ddfb8af401cb41d92f5043cf8b9f6580aaff80006525b6cd5810674c9

Malware Config

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    serv3.devmexico.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    3}l^pI#_4K_!
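The extracted configuration above is the most actionable part of the report: Matiex exfiltrates what it steals by mail, so the SMTP host, port and account are the indicators a defender will sweep for, alongside the sample hashes. The following helper is an added example, not part of the sandbox report or of any Tria.ge tooling. It copies the hashes and exfiltration host from this page into an indicator set, then sweeps a handful of constructed Sysmon-style events (process creation, DNS query, network connection; the field names and the `MAIL_CLIENTS` allowlist are assumptions) for the three things this sample does on the wire: running the known binary, resolving the exfiltration host, and making an SMTP submission from a process that is not a mail client.

```python
"""Triage helper for the Matiex report above: turn the extracted SMTP
config and sample hashes into indicators and sweep telemetry for them.
Example code added to this page, not the sandbox's own tooling."""
import hashlib

# Indicators copied from the report above.
IOC_HASHES = {
    "md5": "e04c69c79193ccaac508fe7279a1804f",
    "sha1": "75930a5d0e35815f213475e7af644f19f4ed14bf",
    "sha256": "56f473eb624769a6eb77762eba09ecfbb6e25f513e4280207de5ae06663e5452",
}
EXFIL_HOST = "serv3.devmexico.com"
EXFIL_PORT = 587  # SMTP submission port from the extracted config

# Assumed allowlist: processes that legitimately speak SMTP submission.
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}

SAMPLE_EXE = r"C:\Users\u\Downloads\467890987654323456789098765432345678.exe"

# Constructed Sysmon-style events (event_id 1 = process create,
# 22 = DNS query, 3 = network connect). Not real logs.
SAMPLE_EVENTS = [
    {"event_id": 1, "image": SAMPLE_EXE, "sha256": IOC_HASHES["sha256"]},
    {"event_id": 22, "image": SAMPLE_EXE, "query": "serv3.devmexico.com"},
    {"event_id": 3, "image": SAMPLE_EXE, "dst_ip": "203.0.113.10", "dst_port": 587},
    {"event_id": 3, "image": r"C:\Program Files\Outlook\outlook.exe",
     "dst_ip": "198.51.100.5", "dst_port": 587},
    {"event_id": 22, "image": r"C:\Windows\explorer.exe", "query": "www.example.com"},
]


def file_hashes(data: bytes) -> dict:
    """Hash a file's bytes with the three algorithms the report lists."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matches_sample(hashes: dict) -> bool:
    """True if any listed hash of a file equals the report's sample hash."""
    return any(hashes.get(alg) == value for alg, value in IOC_HASHES.items())


def scan_events(events: list) -> list:
    """Return one finding per event that matches the report's indicators."""
    hits = []
    for e in events:
        image = e.get("image", "")
        exe = image.rsplit("\\", 1)[-1].lower()
        if e["event_id"] == 1 and e.get("sha256", "").lower() == IOC_HASHES["sha256"]:
            hits.append(f"known Matiex sample executed: {image}")
        elif e["event_id"] == 22 and e.get("query", "").lower() == EXFIL_HOST:
            hits.append(f"DNS lookup of exfil host {EXFIL_HOST} by {exe}")
        elif (e["event_id"] == 3 and e.get("dst_port") == EXFIL_PORT
              and exe not in MAIL_CLIENTS):
            # SMTP submission from a non-mail process is the exfil tell.
            hits.append(f"SMTP submission from non-mail process {exe} to {e['dst_ip']}")
    return hits


if __name__ == "__main__":
    for finding in scan_events(SAMPLE_EVENTS):
        print(finding)
```

Hash matching on its own only catches this exact build; the DNS and port-587 checks are what survive a recompiled sample, and the allowlist should be tightened to whatever mail clients are actually deployed in the environment being swept.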

Targets

    • Target

      467890987654323456789098765432345678.exe

    • Size

      299KB

    • MD5

      e04c69c79193ccaac508fe7279a1804f

    • SHA1

      75930a5d0e35815f213475e7af644f19f4ed14bf

    • SHA256

      56f473eb624769a6eb77762eba09ecfbb6e25f513e4280207de5ae06663e5452

    • SHA512

      fcf2671f30495f16fe2a8399f2536bb2e193ea774aa5e0f6f30f861eb0f145a43217522ddfb8af401cb41d92f5043cf8b9f6580aaff80006525b6cd5810674c9

    • Matiex

      Matiex is a keylogger and infostealer first seen in July 2020.

    • Matiex Main Payload

    • Loads dropped DLL

    • Reads user/profile data of local email clients

      Email clients store account and profile data on disk, and infostealers commonly read these files to harvest stored credentials.

    • Reads user/profile data of web browsers

      Infostealers commonly read stored browser data, which can include saved credentials, cookies and form history.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks