Overview

overview

10

Static

static

PRODUCT LI...TS.exe

windows7_x64

10

PRODUCT LI...TS.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    PRODUCT LIST AND REQUIREMENTS.cmd

  • Size

    1.7MB

  • Sample

    220210-ge685segfr

  • MD5

    3503052c21905540c370721cbd53bbea

  • SHA1

    029640cc20901a8d59e7d49e85bda356752b5d35

  • SHA256

    b96850cee9d8aa809a8309e59494684dabb15283f681f6f3d45fd8d8b805e219

  • SHA512

    efb959b99272233681dd32b6a1a21e4d6674a9442ac08f5c54d7bb1349f459f0aa98cd7c3e0a1c10a1b8a936a8dbdce0062dd857cc300f1db2746f44c0d61d85

Score
10/10
matiexcollectionkeyloggerstealer

Malware Config

Extracted

Credentials

  • Protocol:     smtp
  • Host:
    aarescuenigeria.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    master@123

Extracted

Family

matiex

Credentials

Targets

    • Target

      PRODUCT LIST AND REQUIREMENTS.cmd

    • Size

      1.7MB

    • MD5

      3503052c21905540c370721cbd53bbea

    • SHA1

      029640cc20901a8d59e7d49e85bda356752b5d35

    • SHA256

      b96850cee9d8aa809a8309e59494684dabb15283f681f6f3d45fd8d8b805e219

    • SHA512

      efb959b99272233681dd32b6a1a21e4d6674a9442ac08f5c54d7bb1349f459f0aa98cd7c3e0a1c10a1b8a936a8dbdce0062dd857cc300f1db2746f44c0d61d85

    Score
    10/10
    matiexcollectionkeyloggerstealer

    • Matiex

      Matiex is a keylogger and infostealer first seen in July 2020.

      stealerkeyloggermatiex

    • Matiex Main Payload

    • Accesses Microsoft Outlook profiles

      collection

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks