matiex | f158a1e36c936286a10c2a463439b7d8b16271ca16838cc92ff2219541ecc8e8 | Triage

Submit
Reports

Overview

overview

Static

static

f158a1e36c...e8.exe

windows7_x64

1

f158a1e36c...e8.exe

windows10-2004_x64

Sharing

General

Target

f158a1e36c936286a10c2a463439b7d8b16271ca16838cc92ff2219541ecc8e8
Size

595KB
Sample

220420-dfwl9aace8
MD5

e6bab12c7456216175a7ed7598d39b02
SHA1

525990e346d2708da8ef38dd0254e49f2c3330b6
SHA256

f158a1e36c936286a10c2a463439b7d8b16271ca16838cc92ff2219541ecc8e8
SHA512

b90c9d3e55b48d42e165bbe9d12217d2d4c31bcce5ec2590fd2bfb26e068d5dd8d8515eaa6b5e5b98f26e2066142c2a432bbea7ad1f955dfc9a916e3da98dcad

Score

10^/10

matiex collection keylogger stealer

Static task

static1

Behavioral task

behavioral1

Sample

f158a1e36c936286a10c2a463439b7d8b16271ca16838cc92ff2219541ecc8e8.exe

Resource

win7-20220414-en

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

f158a1e36c936286a10c2a463439b7d8b16271ca16838cc92ff2219541ecc8e8.exe

Resource

win10v2004-20220414-en

matiex collection keylogger stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

matiex

C2

https://api.telegram.org/bot1402180145:AAG6hmg8QGRGiHQwRXC9wKOtIEyFy3aT6ms/sendMessage?chat_id=1299507057

Targets

- Target
  
  f158a1e36c936286a10c2a463439b7d8b16271ca16838cc92ff2219541ecc8e8
- Size
  
  595KB
- MD5
  
  e6bab12c7456216175a7ed7598d39b02
- SHA1
  
  525990e346d2708da8ef38dd0254e49f2c3330b6
- SHA256
  
  f158a1e36c936286a10c2a463439b7d8b16271ca16838cc92ff2219541ecc8e8
- SHA512
  
  b90c9d3e55b48d42e165bbe9d12217d2d4c31bcce5ec2590fd2bfb26e068d5dd8d8515eaa6b5e5b98f26e2066142c2a432bbea7ad1f955dfc9a916e3da98dcad
Score

10^/10

matiex collection keylogger stealer
- Matiex
  Matiex is a keylogger and infostealer first seen in July 2020.
  stealer keylogger matiex
- Matiex Main Payload
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

matiexcollectionkeyloggerstealer

© 2018-2024

Terms | Privacy