matiex | 983790f3afb9aa0fb567435bb73750a94e66d134cf6dbc2566089af6d6c0ce34 | Triage

Submit
Reports

Overview

overview

Static

static

Enijidjm.exe

windows7_x64

Enijidjm.exe

windows10-2004_x64

Sharing

General

Target

Enijidjm.001
Size

29KB
Sample

220211-j9kpqseafr
MD5

34f43688d7a1abe4f127f7c0ac9820b0
SHA1

453c7d1d72802950c3b6700e90a346ca03ffd3f3
SHA256

983790f3afb9aa0fb567435bb73750a94e66d134cf6dbc2566089af6d6c0ce34
SHA512

6b4cb52fd98110023b4e8b5fdd7aaf23a04c4e926fad2165e23023a882ec6343e0e1b0f73ffae4219bb8ad3363165a6273406e670f341153f93e0acdc6f3ac79

Score

10^/10

matiex collection keylogger persistence stealer

Static task

static1

Behavioral task

behavioral1

Sample

Enijidjm.exe

Resource

win7-en-20211208

matiex collection keylogger persistence stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Enijidjm.exe

Resource

win10v2004-en-20220113

matiex collection keylogger persistence stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
serv3.devmexico.com
Port:
587
Username:
[email protected]
Password:
3}l^pI#_4K_!

Extracted

Family

matiex

Credentials

Protocol: smtp
Host:
serv3.devmexico.com
Port:
587
Username:
[email protected]
Password:
3}l^pI#_4K_!
Email To:
[email protected]

Targets

- Target
  
  Enijidjm.exe
- Size
  
  111KB
- MD5
  
  dda708bbd533046daf479fd123f75cda
- SHA1
  
  b8dc0fa033f434eafe46df7c0320676c866814cb
- SHA256
  
  f442097ffe0336d6712267088a4368aa539f51f7ea7d1e950da88c6a42f1b29e
- SHA512
  
  b6c983e27964446d6c8c3dcb6f03d0cbb957fd2c2cbe2888444372a4a3b69b22d3e9b3e401972aa5b365bc6b810dbffef9aa0aaeb50bf8e31f720f173b961e58
Score

10^/10

matiex collection keylogger persistence stealer
- Matiex
  Matiex is a keylogger and infostealer first seen in July 2020.
  stealer keylogger matiex
- Matiex Main Payload
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

matiexcollectionkeyloggerpersistencestealer

behavioral2

matiexcollectionkeyloggerpersistencestealer

© 2018-2024

Terms | Privacy