matiex | 0a6959c181966748ce98202d123ed479ce076b6d4db9eae9d2cbb62ac42dca49 | Triage

Submit
Reports

Overview

overview

Static

static

invoice _25280.exe

windows7_x64

invoice _25280.exe

windows10-2004_x64

Sharing

General

Target

0a6959c181966748ce98202d123ed479ce076b6d4db9eae9d2cbb62ac42dca49
Size

684KB
Sample

220420-czz84shea7
MD5

43ac24b42b50d40355d75d52268a98c5
SHA1

4f8eac0d038d14ec3f111f89eafc0cce686be7d0
SHA256

0a6959c181966748ce98202d123ed479ce076b6d4db9eae9d2cbb62ac42dca49
SHA512

2cf0a44f0f81701f74e2e5707227c9d18ded1b6a3af697564dd474a905c5ba68033df21aed2d80b27b41981f7528a0810d692040d8213bf5949f0e13e46f4910

Score

10^/10

matiex collection keylogger spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

invoice _25280.exe

Resource

win7-20220414-en

matiex collection keylogger spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

invoice _25280.exe

Resource

win10v2004-20220414-en

matiex collection keylogger spyware stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

matiex

Credentials

Protocol: smtp
Host:
ebop.website
Port:
587
Username:
[email protected]
Password:
P@ssw0rdP@ssw0rd

Targets

- Target
  
  invoice _25280.exe
- Size
  
  739KB
- MD5
  
  40630dbc9ec33244bf5dd0a97d129909
- SHA1
  
  a48f654aada97d4d359e217bfa212adf07faba13
- SHA256
  
  f0b8f39cd0fd0a840db7c970362e5bd1e48600c341a97ffd1f742ea37f561bd8
- SHA512
  
  854c4e2b1dcabe82001d3f31cf7c41045eab6ba1a7c14027de6ce781df097cb70ff4dff39cea5d26f2c2789953683c10fe0a0fe4d5f8aabad00920434491c1af
Score

10^/10

matiex collection keylogger spyware stealer
- Matiex
  Matiex is a keylogger and infostealer first seen in July 2020.
  stealer keylogger matiex
- Matiex Main Payload
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

matiexcollectionkeyloggerspywarestealer

behavioral2

matiexcollectionkeyloggerspywarestealer

© 2018-2024

Terms | Privacy