matiex | 3667609f0c24ab6f0f752272d3912979fb5a589c0e067d09279947d5852adfd6 | Triage

Submit
Reports

Overview

overview

Static

static

kart bilgisizzz.exe

windows7_x64

kart bilgisizzz.exe

windows10-2004_x64

7

Sharing

General

Target

3667609f0c24ab6f0f752272d3912979fb5a589c0e067d09279947d5852adfd6
Size

530KB
Sample

220502-28scascaf9
MD5

a2fba1dec44bfa5b15766e018b35869c
SHA1

98ebee7100c4453cb3bb517ef9e6d4d705e8d95c
SHA256

3667609f0c24ab6f0f752272d3912979fb5a589c0e067d09279947d5852adfd6
SHA512

96e8807fdbdc21ae805af0be829ec79089c2879ca979672090d94f9100b19d018a9915d5dc247c801df7a17f05ff066e65f798c957f8469d49d871c5242c987d

Score

10^/10

matiex collection keylogger spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

kart bilgisizzz.exe

Resource

win7-20220414-en

matiex collection keylogger spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

kart bilgisizzz.exe

Resource

win10v2004-20220414-en

collection spyware stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

matiex

Credentials

Protocol: smtp
Host:
srvc13.turhost.com
Port:
587
Username:
[email protected]
Password:
italik2015

Targets

- Target
  
  kart bilgisizzz.exe
- Size
  
  547KB
- MD5
  
  e403224181d35975467c43df34caaf3b
- SHA1
  
  e2af3fe3b2ff9ed604ea6ca40fc2a7e18fef7f64
- SHA256
  
  4c56e5f1863de0fa8fa4f2104de8d14a695eaa7e61158a71aeabef051cc025b1
- SHA512
  
  59bd3516ff72ba7b990e7d8b1b6951d3f07d8aa2958a7957642c91e2fc19191d577247849eb925bb6f20e6da4575175364d8304e2c49eca0a876a74f5249e392
Score

10^/10

matiex collection keylogger spyware stealer
- Matiex
  Matiex is a keylogger and infostealer first seen in July 2020.
  stealer keylogger matiex
- Matiex Main Payload
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

matiexcollectionkeyloggerspywarestealer

behavioral2

collectionspywarestealer

© 2018-2024

Terms | Privacy