matiex | 3680b8c8760e1b0546d796885b5161d55aa786f27bb010539ddff0ae858123c6 | Triage

Submit
Reports

Overview

overview

Static

static

3680b8c876...c6.exe

windows7_x64

3680b8c876...c6.exe

windows10-2004_x64

Sharing

General

Target

3680b8c8760e1b0546d796885b5161d55aa786f27bb010539ddff0ae858123c6
Size

471KB
Sample

220319-mkb8vafge5
MD5

543036f3c5fdfcb84ccbf3b26ec82306
SHA1

e379742fed9808c0928c48777f667ee342cc466d
SHA256

3680b8c8760e1b0546d796885b5161d55aa786f27bb010539ddff0ae858123c6
SHA512

d9e86bed97bb5cc34978459743e072a1905c88acea8a93367a8ddfe9a30483224389e5bd5445a3a294b4d0b2c6dc22e69100300a187a5db1a0dc1681e0330ed4

Score

10^/10

matiex collection keylogger spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

3680b8c8760e1b0546d796885b5161d55aa786f27bb010539ddff0ae858123c6.exe

Resource

win7-20220311-en

matiex collection keylogger spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

3680b8c8760e1b0546d796885b5161d55aa786f27bb010539ddff0ae858123c6.exe

Resource

win10v2004-20220310-en

matiex keylogger spyware stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

matiex

Credentials

Protocol: smtp
Host:
srvc13.turhost.com
Port:
587
Username:
[email protected]
Password:
italik2015

Targets

- Target
  
  3680b8c8760e1b0546d796885b5161d55aa786f27bb010539ddff0ae858123c6
- Size
  
  471KB
- MD5
  
  543036f3c5fdfcb84ccbf3b26ec82306
- SHA1
  
  e379742fed9808c0928c48777f667ee342cc466d
- SHA256
  
  3680b8c8760e1b0546d796885b5161d55aa786f27bb010539ddff0ae858123c6
- SHA512
  
  d9e86bed97bb5cc34978459743e072a1905c88acea8a93367a8ddfe9a30483224389e5bd5445a3a294b4d0b2c6dc22e69100300a187a5db1a0dc1681e0330ed4
Score

10^/10

matiex collection keylogger spyware stealer
- Matiex
  Matiex is a keylogger and infostealer first seen in July 2020.
  stealer keylogger matiex
- Matiex Main Payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

matiexcollectionkeyloggerspywarestealer

behavioral2

matiexkeyloggerspywarestealer

© 2018-2024

Terms | Privacy