Overview

overview

10

Static

static

REVISED_.exe

windows7_x64

10

REVISED_.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    184b7a500fad91c069dea731aed972920edd53757f15b92fade356fe043e1610

  • Size

    1.2MB

  • Sample

    220221-3gyknscffk

  • MD5

    8a10c23c1963937eb87bc549c133cdd1

  • SHA1

    3e0cc438de0b56e09a52de7d604e20a908353385

  • SHA256

    184b7a500fad91c069dea731aed972920edd53757f15b92fade356fe043e1610

  • SHA512

    4804967a786f685e109994ce8be147b6843ac6064c44601837ad74247457533a111b0628b6db54a4be9708f9f1d3362b9e0e5d1f0718f51827616b50b31e00e5

Score
10/10
matiexcollectionkeyloggerspywarestealer

Malware Config

Extracted

Family

matiex

Credentials

  • Protocol:     smtp
  • Host:
    smtp.gmail.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    mrruben0094

Targets

    • Target

      REVISED_.EXE

    • Size

      579KB

    • MD5

      cbfb94a41abae103511d729b00687c7a

    • SHA1

      f491f44fbbaafb97275cc90ecaa37926534a6151

    • SHA256

      b9d37ce3380de623e8225b466fcd061db7f7828a2e39deace159e5c7f3455015

    • SHA512

      77bfe24a4b0dcc0badcf0b33fd1da5335fadf0e366db4411b0ca130fecefa288006c06cf5bf363edd1b038619e1f8654e0e88020c454e4b0399d906c17128a59

    Score
    10/10
    matiexcollectionkeyloggerspywarestealer

    • Matiex

      Matiex is a keylogger and infostealer first seen in July 2020.

      stealerkeyloggermatiex

    • Matiex Main Payload

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks