matiex | b070101a217e99f96198bed4917fe82d36f39bb227674e04ddded3faaa3eb289 | Triage

Submit
Reports

Overview

overview

Static

static

MMMMMUTYYY...3X.exe

windows7_x64

3

MMMMMUTYYY...3X.exe

windows10-2004_x64

Sharing

General

Target

MMMMMUTYYYtrhOmoE27QSJu3X.exe
Size

796KB
Sample

220203-jrk8jsecgn
MD5

acaf6ded35d9b26f5ad943f1cb9f7cae
SHA1

989f2c4d4cca185d62a20e6db00a8451691118d1
SHA256

b070101a217e99f96198bed4917fe82d36f39bb227674e04ddded3faaa3eb289
SHA512

99ce6c746e3a0f7175a7c5c77bb3c50a68ceca15a80f69162c759d40872653767a3f37b5f09eb4f7fea557d8a2847e1fd825cb6a31042afbec0fce30c340027a

Score

10^/10

matiex keylogger persistence spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

MMMMMUTYYYtrhOmoE27QSJu3X.exe

Resource

win7-en-20211208

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

MMMMMUTYYYtrhOmoE27QSJu3X.exe

Resource

win10v2004-en-20220112

matiex keylogger persistence spyware stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

matiex

Credentials

Protocol: smtp
Host:
serv3.devmexico.com
Port:
587
Username:
[email protected]
Password:
3}l^pI#_4K_!
Email To:
[email protected]

Targets

- Target
  
  MMMMMUTYYYtrhOmoE27QSJu3X.exe
- Size
  
  796KB
- MD5
  
  acaf6ded35d9b26f5ad943f1cb9f7cae
- SHA1
  
  989f2c4d4cca185d62a20e6db00a8451691118d1
- SHA256
  
  b070101a217e99f96198bed4917fe82d36f39bb227674e04ddded3faaa3eb289
- SHA512
  
  99ce6c746e3a0f7175a7c5c77bb3c50a68ceca15a80f69162c759d40872653767a3f37b5f09eb4f7fea557d8a2847e1fd825cb6a31042afbec0fce30c340027a
Score

10^/10

matiex keylogger persistence spyware stealer
- Matiex
  Matiex is a keylogger and infostealer first seen in July 2020.
  stealer keylogger matiex
- Matiex Main Payload
- Sets service image path in registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

matiexkeyloggerpersistencespywarestealer

© 2018-2024

Terms | Privacy