General

  • Target

    5db167e8cc20f6b5d34a37383cc5c9299a40624073be1f8ebab5420975a39313

  • Size

    260KB

  • Sample

    220414-pj88asbec7

  • MD5

    c99a302039cf1d86ca16653df4d8ac1a

  • SHA1

    9f502a4c6f6cc9170199b8a19ae1f781e8116d5b

  • SHA256

    5db167e8cc20f6b5d34a37383cc5c9299a40624073be1f8ebab5420975a39313

  • SHA512

    8787289badb8af286812716e07838769078aff38728e45b12fd0bb9d2eb01f26fc9982b01dce225738e6165f7b17c4b00c6f039e78ae172a914a59899817a288

Malware Config

Extracted

Family

matiex

Credentials

  • Protocol:
    smtp
  • Host:
    srvc13.turhost.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    italik2015

Targets

    • Target

      M097508E2-20F2-4C2C-879A.exe

    • Size

      709KB

    • MD5

      13f08d08bbaa99bfd4cf481cf682bd7d

    • SHA1

      210fce69f4278eb3f9e2574eb1d3fd7febe8212c

    • SHA256

      d32af58205d0773daf139d13738f918e03f4d30439086b6eda0dfceef3369b58

    • SHA512

      4483ba364a7525b2c8a6e2154a9d166873aba8ea1fa717c06aa90db7c1d540e317425cc33c254fbf41cd26cad2eb196c093b86d5c3e0c9c6fed358795d357330

    • Matiex

      Matiex is a keylogger and infostealer first seen in July 2020.

    • Matiex Main Payload

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

  • Tactic:
    Collection
  • Technique:
    Email Collection (T1114)
  • Count:
    1

Tasks