Overview

overview

10

Static

static

1

MOT-09800080000.exe

windows7_x64

7

MOT-09800080000.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    fd39401c01097b075ab3e5ea0e26cac9355bbc197cb15dd003fc1d1f1fc3babe

  • Size

    504KB

  • Sample

    220207-3twa3sagek

  • MD5

    f0479d034c115632f971fc38504cb367

  • SHA1

    c2de71115182aa3586ae2906ba93a729f1bb7d3c

  • SHA256

    fd39401c01097b075ab3e5ea0e26cac9355bbc197cb15dd003fc1d1f1fc3babe

  • SHA512

    a7e0db82eef7848e77fe323baacf910d5ee6d7dd4f6835dd458d71cc7d8ef7c2c2aef59772cf4678dbec35da96f172d4509ab7a19da71f52c971b1b070b029da

Score
10/10
matiexcollectionkeyloggerpersistencestealer

Malware Config

Extracted

Credentials

  • Protocol:     smtp
  • Host:
    srvc13.turhost.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    italik2015

Extracted

Family

matiex

Credentials

  • Protocol:     smtp
  • Host:
    srvc13.turhost.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    italik2015

Targets

    • Target

      MOT-09800080000.exe

    • Size

      525KB

    • MD5

      bda2eaf80ab5ed6fd1128d4ae02e2f1b

    • SHA1

      12aa26befa0055398748ae12ae0d04f286c565cb

    • SHA256

      ffcf5fb0cd579ec9b9ce49e2b1eafc62f89fdcb5d418e338cd6dab310a241a2d

    • SHA512

      a34e9c827d29efe8dc44296ee3a1dbd2daa59594125372099d6f1219a455c6d5de934848ca098dee50d0f7dfe09ed1db0337b0f1d7063e94749b24dd4b616087

    Score
    10/10
    persistencematiexcollectionkeyloggerstealer

    • Matiex

      Matiex is a keylogger and infostealer first seen in July 2020.

      stealerkeyloggermatiex

    • Matiex Main Payload

    • Loads dropped DLL

    • Accesses Microsoft Outlook profiles

      collection

    • Adds Run key to start application

      persistence

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks