Overview

overview

10

Static

static

DEKONT.exe

windows7_x64

1

DEKONT.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ee2ad2e20582f55bf1f770795c07595b22505be9e9c7f6b491889b976e051532

  • Size

    207KB

  • Sample

    220427-ssramaeggr

  • MD5

    dbd61226a3da2806edb46d17901c72c4

  • SHA1

    c9d5825af10b2b15f62082cdc72e649cef9eeadf

  • SHA256

    ee2ad2e20582f55bf1f770795c07595b22505be9e9c7f6b491889b976e051532

  • SHA512

    65e6fbdb26b286f101fa2526778d69706a7b0904b48706359e3e6cd69075d6099ac4eb946c9aaf4557f86eb1521e4113ca117c84ee308ae3fc29826d0c631214

Score
10/10
matiexcollectionkeyloggerstealer

Malware Config

Extracted

Family

matiex

Credentials

  • Protocol:     smtp
  • Host:
    srvc13.turhost.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    italik2015

Targets

    • Target

      DEKONT.exe

    • Size

      611KB

    • MD5

      da248e530b6e65e7457a6d472e0aeb47

    • SHA1

      84ab397a9d4008c916666d9119e9fdc4b70d5642

    • SHA256

      d57b7809ae71b779b00aa2e7e3b55c3ff6c210453e19a872489e330285031ed3

    • SHA512

      dfae1e4876df412dbe8137c725a99023485e9e9a8cfbbeeb2026015903ed1522b2d3b1f613c3f4107880c484ee2314907341edb77f1091c670dde4b1dbf47589

    Score
    10/10
    matiexcollectionkeyloggerstealer

    • Matiex

      Matiex is a keylogger and infostealer first seen in July 2020.

      stealerkeyloggermatiex

    • Matiex Main Payload

    • Accesses Microsoft Outlook profiles

      collection

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks