matiex

General

Target

99725ec38fcf92bc99e3bdc578df6e99.exe
Size

4.8MB
Sample

220227-lm9rfsdchq
MD5

99725ec38fcf92bc99e3bdc578df6e99
SHA1

7b7d735d341d6b536a212a3459b1b29c6dac5570
SHA256

65319388913885123db4c6ab82b51eded0a8dfdda606321840734e8f7571950e
SHA512

4bfb2a43a9ee84854d05a01908611baa1ad2005630d1112091bd0c3bfa30ba9e7745f792787620af1fe901ac63e7aa11b4435df796b902c4b49535a397e0786f

Score

10^/10

Malware Config

Targets

- Target
  
  99725ec38fcf92bc99e3bdc578df6e99.exe
- Size
  
  4.8MB
- MD5
  
  99725ec38fcf92bc99e3bdc578df6e99
- SHA1
  
  7b7d735d341d6b536a212a3459b1b29c6dac5570
- SHA256
  
  65319388913885123db4c6ab82b51eded0a8dfdda606321840734e8f7571950e
- SHA512
  
  4bfb2a43a9ee84854d05a01908611baa1ad2005630d1112091bd0c3bfa30ba9e7745f792787620af1fe901ac63e7aa11b4435df796b902c4b49535a397e0786f
Score

10^/10

matiex keylogger stealer collection spyware suricata
- Matiex
  Matiex is a keylogger and infostealer first seen in July 2020.
  stealer keylogger matiex
- Matiex Main Payload
- suricata: ET MALWARE Matiex Keylogger Exfil Via Telegram
  suricata: ET MALWARE Matiex Keylogger Exfil Via Telegram
  suricata
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2