General

  • Target

    992c8c63aa0978780c459f741825cfc6e118b08a26f57cabccb08bd864e2ee5e

  • Size

    213KB

  • Sample

    220414-pkfx5sgccr

  • MD5

    3999c8722f4fc91a02ea2637300329e4

  • SHA1

    4242749c41a0feea4733e654a023c84b25384882

  • SHA256

    992c8c63aa0978780c459f741825cfc6e118b08a26f57cabccb08bd864e2ee5e

  • SHA512

    a45dcb646c4b2924f110572c9bdcaa93338918f1b35c3774271b36fb46c380789bd51b5f1b350464f569e064e7c0a7cdf7c752c70aeb281463f9af40eeb46353

Malware Config

Extracted

Family

matiex

Credentials

  • Protocol:
    smtp
  • Host:
    srvc13.turhost.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    italik2015

Targets

    • Target

      50208488 AEJEA 81890010169430.exe

    • Size

      581KB

    • MD5

      1b485e01e597352e81f18d2a828edee3

    • SHA1

      09329b97c027cffbc9d34e5d49a3794b7209e246

    • SHA256

      039b571653cbd974ebb9e8c37c048d0f9c4e5302db86a7400ed7a81708cb6c8c

    • SHA512

      a124dbed4e5cc1809f9e473e2c0c84ddce944955ecb50adc8bf57f5134e0f282722a6a4ad23e62e2df333eaebe57878b0d40bae40867f24c9ec5efdb9b9ba53e

    • Matiex

      Matiex is a keylogger and infostealer first seen in July 2020.

    • Matiex Main Payload

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Tactic: Collection
  • Technique: Email Collection (T1114)
  • Signatures matched: 1