General

  • Target

    bc31fc4bea86c69967c99b00e5e465c27c4712fcc2a7ea737a1d449185e84a28

  • Size

    199KB

  • Sample

    220502-m3y6bshfa3

  • MD5

    56936382515bb9c6fe8c9c555ada7ec4

  • SHA1

    23190f3616ed41932ad6330f7fbc8b398fd75c83

  • SHA256

    bc31fc4bea86c69967c99b00e5e465c27c4712fcc2a7ea737a1d449185e84a28

  • SHA512

    334b0318b4716a02bba8af1115053dc8229d0838d2a816c4f8f4867741dd64e1ec6f6d043251bc1ada4e72ddaf358d4378731b9b88e62971169cc75fa1bba688

Malware Config

Extracted

Family

matiex

Credentials

  • Protocol:
    smtp
  • Host:
    srvc13.turhost.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    italik2015

Targets

    • Target

      004797508E2-20F2-4C2C-879A-1C358609BA01d.exe

    • Size

      545KB

    • MD5

      77622db39954d9de5f409d926e2291f4

    • SHA1

      ee96a88632770b165839da16b83210a091ca5ccb

    • SHA256

      4a40496f800e2a11c1e2a12176d062b59fe536f18fb236f98e66231448aaa2e8

    • SHA512

      a1ce28d8f6f3005b679f6969f512aac8d6e3e0e21b632763094fc679b62ef67e7e6b50de111c48bb2293d995559744c1cc771a11445572084a2bfa18f34cd188

    • Matiex

      Matiex is a keylogger and infostealer first seen in July 2020.

    • Matiex Main Payload

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
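The extracted SMTP configuration above (host srvc13.turhost.com, port 587) is the most actionable indicator in this report, since the sample sends stolen data out through an authenticated mail submission session rather than a custom C2 protocol. The script below is an added example, not part of the sandbox report or the Matiex sample, showing how a responder can turn that config into a hunt over endpoint network telemetry. It assumes Sysmon Event ID 3-style fields (Computer, ProcessId, Image, DestinationHostname, DestinationPort); the event lines are constructed for the example, and the list of external-IP lookup domains is an assumption, because the report only says a "legitimate IP lookup service" was used without naming it.

```python
"""Hunt for the Matiex SMTP exfiltration channel in Sysmon-style telemetry.

Added example for this report; not code from the sandbox or the sample.
IOC values come from the extracted config on this page; everything else
(event layout, IP-lookup watch list, sample events) is constructed/assumed.
"""
import json
from collections import defaultdict

# IOC taken from the "Credentials" block extracted from the sample.
EXFIL_HOST = "srvc13.turhost.com"
EXFIL_PORT = 587

# ASSUMPTION: common external-IP lookup services. The report does not name
# the one the sample contacts, so treat this as a tunable watch list.
IP_LOOKUP_HOSTS = {"api.ipify.org", "checkip.dyndns.org", "ipinfo.io", "icanhazip.com"}

# Binaries that legitimately speak SMTP submission on 587; a hit from one of
# these is still worth a look, but is not by itself evidence of infection.
KNOWN_MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}

# CONSTRUCTED sample events (Sysmon Event ID 3 field names), one JSON object
# per line, plus one deliberately malformed line to exercise error handling.
_CONSTRUCTED_EVENTS = [
    {"Computer": "WS01", "ProcessId": 4120,
     "Image": r"C:\Users\user\AppData\Local\Temp\004797508E2-20F2-4C2C-879A-1C358609BA01d.exe",
     "DestinationHostname": "api.ipify.org", "DestinationPort": 443},
    {"Computer": "WS01", "ProcessId": 5000,
     "Image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "DestinationHostname": "www.example.com", "DestinationPort": 443},
    {"Computer": "WS01", "ProcessId": 4120,
     "Image": r"C:\Users\user\AppData\Local\Temp\004797508E2-20F2-4C2C-879A-1C358609BA01d.exe",
     "DestinationHostname": "srvc13.turhost.com", "DestinationPort": "587"},
    {"Computer": "WS02", "ProcessId": 900,
     "Image": r"C:\Program Files\Microsoft Office\root\Office16\outlook.exe",
     "DestinationHostname": "srvc13.turhost.com", "DestinationPort": 587},
]
SAMPLE_LINES = [json.dumps(e) for e in _CONSTRUCTED_EVENTS] + ["{not json at all"]


def parse_events(lines):
    """Yield one dict per well-formed JSON line; skip blanks and bad lines."""
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            yield json.loads(line)
        except json.JSONDecodeError:
            # Malformed telemetry should not abort the hunt.
            continue


def hunt(lines):
    """Return findings for processes that reach the extracted exfil host/port.

    Each finding records the process and whether the same process earlier
    contacted an external-IP lookup service, which matches the behaviour
    reported for this sample and raises confidence in the hit.
    """
    lookups = defaultdict(list)  # (computer, pid) -> lookup hosts seen so far
    findings = []
    for evt in parse_events(lines):
        key = (evt.get("Computer"), evt.get("ProcessId"))
        image = (evt.get("Image") or "").rsplit("\\", 1)[-1].lower()
        dst = (evt.get("DestinationHostname") or "").lower()
        try:
            port = int(evt.get("DestinationPort", 0))  # Sysmon may log it as a string
        except (TypeError, ValueError):
            continue
        if dst in IP_LOOKUP_HOSTS:
            lookups[key].append(dst)
        if dst == EXFIL_HOST and port == EXFIL_PORT:
            findings.append({
                "computer": key[0],
                "pid": key[1],
                "image": image,
                # Unknown binary talking SMTP submission to the exfil host: high.
                "severity": "medium" if image in KNOWN_MAIL_CLIENTS else "high",
                "prior_ip_lookup": list(lookups[key]),
            })
    return findings


if __name__ == "__main__":
    for f in hunt(SAMPLE_LINES):
        print(json.dumps(f))
```

The severity split matters in practice: a mail client reaching a turhost.com SMTP server may be a legitimate customer of that provider, whereas an executable dropped under Temp doing an IP lookup and then authenticating to that server on 587 is exactly the sequence this report describes. Extend the same logic to the DNS query events (Sysmon Event ID 22) if your telemetry only records IPs rather than hostnames on connection events.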

MITRE ATT&CK Matrix (ATT&CK v6)

  • Collection (1 technique)

    Email Collection (T1114)

Tasks