matiex | 2d4c000be3c4793450b66bb80510f8d73c2894c0c1182bb29041428277ce3096 | Triage

Submit
Reports

Overview

overview

Static

static

NKP210102-NIT-SC2.exe

windows7_x64

NKP210102-NIT-SC2.exe

windows10-2004_x64

Sharing

General

Target

2d4c000be3c4793450b66bb80510f8d73c2894c0c1182bb29041428277ce3096
Size

612KB
Sample

220221-25xgvabea7
MD5

9a0589957f0ee7825d9c6e25da6bff4d
SHA1

bc74d51c60f778066263eac0dffdf2252c543a92
SHA256

2d4c000be3c4793450b66bb80510f8d73c2894c0c1182bb29041428277ce3096
SHA512

4c9f7e3829bc14e57382344b8660b5fb3cd35c2552e9651b6ebd53784354c3e043132d36c29c4b13cf32ae5ff614033fa2c50ae0630e66bb55af7e1bbfaea25e

Score

10^/10

matiex collection keylogger stealer

Static task

static1

Behavioral task

behavioral1

Sample

NKP210102-NIT-SC2.exe

Resource

win7-en-20211208

matiex collection keylogger stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

NKP210102-NIT-SC2.exe

Resource

win10v2004-en-20220112

matiex collection keylogger stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

matiex

Credentials

Protocol: smtp
Host:
mail.revistaeducar.com.ar
Port:
25
Username:
[email protected]
Password:
somchai#3774

Extracted

Credentials

Protocol: smtp
Host:
mail.revistaeducar.com.ar
Port:
25
Username:
[email protected]
Password:
somchai#3774

Targets

- Target
  
  NKP210102-NIT-SC2.exe
- Size
  
  897KB
- MD5
  
  65b5174a50b047604c2aed66369a4a88
- SHA1
  
  853e75392f379c6d9f655c53c881c45287ab2f6b
- SHA256
  
  8d8c5013933443f1f3e20db22a1abd56815cdd61b866f7953e032678f5e3d049
- SHA512
  
  04e5a3e89538fc8a7b83773f52a9424da327f7fc2709e2f64f977056078e9bee87fc9ebd29619607a63b8844d084f093aa8da7d223eb97154bdb8137312b0d0e
Score

10^/10

matiex collection keylogger stealer
- Matiex
  Matiex is a keylogger and infostealer first seen in July 2020.
  stealer keylogger matiex
- Matiex Main Payload
- Drops startup file
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

matiexcollectionkeyloggerstealer

behavioral2

matiexcollectionkeyloggerstealer

© 2018-2024

Terms | Privacy