matiex | 9975e7afa1b740087e674d0e8600e95c14fbe862a14b7188e709723d6123f732 | Triage

Submit
Reports

Overview

overview

Static

static

Quotation 7339.exe

windows7_x64

Quotation 7339.exe

windows10-2004_x64

Sharing

General

Target

9975e7afa1b740087e674d0e8600e95c14fbe862a14b7188e709723d6123f732
Size

732KB
Sample

220502-1c3mqabfh3
MD5

f0d0649e3ee59f959248f4535990ac5e
SHA1

8422a51c138dafd03f984682cb8fb63ea932bafa
SHA256

9975e7afa1b740087e674d0e8600e95c14fbe862a14b7188e709723d6123f732
SHA512

fa54e190aafe09e838f43781635ac8da292f89653c5bd3d49b946967e4ba39b5b8a956e7e6777793d326e03654ca7c11295b92ab6627ef958511f21776a95b93

Score

10^/10

matiex collection keylogger persistence spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

Quotation 7339.exe

Resource

win7-20220414-en

matiex collection keylogger persistence spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Quotation 7339.exe

Resource

win10v2004-20220414-en

matiex collection keylogger persistence spyware stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

matiex

Credentials

Protocol: smtp
Host:
srvc13.turhost.com
Port:
587
Username:
[email protected]
Password:
italik2015

Targets

- Target
  
  Quotation 7339.exe
- Size
  
  3.6MB
- MD5
  
  830dcd49c9b23bf35d7d8bc6caf099a8
- SHA1
  
  8faecce6b954965528969fc946e7650865dbd763
- SHA256
  
  0ee6256edbcb97ace761a15d86ce3e3adc080364f752473dd941339060a4e4b2
- SHA512
  
  d7f7ac208933fb7a7aa65524bc4c37c983b7b01e1b1b112f0b83749b9bbc915d1678add8fcce77279a8859c496d690a879a84d525f9e987170479566ba8d8ea5
Score

10^/10

matiex collection keylogger persistence spyware stealer
- Matiex
  Matiex is a keylogger and infostealer first seen in July 2020.
  stealer keylogger matiex
- Matiex Main Payload
- Modifies WinLogon for persistence
  persistence
- Drops startup file
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

matiexcollectionkeyloggerpersistencespywarestealer

behavioral2

matiexcollectionkeyloggerpersistencespywarestealer

© 2018-2024

Terms | Privacy