General

  • Target

    7f5764844ab366849a5c4dc0c5b6af4fce6b96b1f8411a8b6e4484a418aaf1d7

  • Size

    201KB

  • Sample

    220502-m94z6aeeal

  • MD5

    eca4790af75d4e727b47c93f37642cbd

  • SHA1

    1a719a0864b00ca16207d391d91c7c1461c6af59

  • SHA256

    7f5764844ab366849a5c4dc0c5b6af4fce6b96b1f8411a8b6e4484a418aaf1d7

  • SHA512

    d9e24a132b61737fbfe72fee8710718cb342481e590fd7f55ac5cb6ae3c7e104842535ad39a00479084c855cb5814228187204d03c5548fb9b95da4ff8bf24a8

Malware Config

Extracted

Family

matiex

Credentials

  • Protocol:
    smtp
  • Host:
    srvc13.turhost.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    italik2015

Targets

    • Target

      DEKONT.exe

    • Size

      554KB

    • MD5

      b68bd92478369e4dcd776b77326fa66b

    • SHA1

      41b039e8d555c0b0b04d172b6509859b8e32c878

    • SHA256

      16fda49dd0a5b3c520619c1f5e88723cd2fe0c92b9cc2946416b2e29a1ccdfff

    • SHA512

      f216b9c25cdd054fcde7ed0038ab56a1a0952a65eee3b12cf41406a1908a7012683f8303981cad959bf904212cf8440b618fc39fd22275879eece52f45a111de

    • Matiex

      Matiex is a keylogger and infostealer first seen in July 2020.

    • Matiex Main Payload

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

      Rewriting the context of a suspended child thread is the step that redirects execution into an injected image in process hollowing (RunPE); on its own the API call is not malicious, so it is reported as suspicious rather than as a detection.
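The indicators above (the two SHA256 values, the SMTP exfiltration endpoint, the external IP lookup and the SetThreadContext sequence) can be turned into simple triage checks. The following Python is an added example written for this page; it is not the sandbox's code and not part of the sample. The connection log lines and the API trace are constructed to exercise the checks, and the list of IP lookup hosts is an assumption, since the report only says "a legitimate IP lookup service" without naming it.

```python
import hashlib

# Indicators copied from the report above.
MATIEX_SHA256 = {
    "7f5764844ab366849a5c4dc0c5b6af4fce6b96b1f8411a8b6e4484a418aaf1d7",  # submitted sample
    "16fda49dd0a5b3c520619c1f5e88723cd2fe0c92b9cc2946416b2e29a1ccdfff",  # DEKONT.exe
}
SMTP_EXFIL = ("srvc13.turhost.com", 587)

# Assumption: the report does not say which lookup service the sample used; these are
# common ones and are NOT confirmed from the sample.
IP_LOOKUP_HOSTS = {"api.ipify.org", "checkip.dyndns.org", "ipinfo.io", "icanhazip.com"}

# API order that makes SetThreadContext suspicious: a child created suspended, written to,
# redirected with SetThreadContext, then resumed (process hollowing / RunPE).
HOLLOW_STAGES = ("CreateProcess", "WriteProcessMemory", "SetThreadContext", "ResumeThread")


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def is_known_matiex(data: bytes) -> bool:
    """True when the bytes hash to one of the report's SHA256 indicators."""
    return sha256_hex(data) in MATIEX_SHA256


def classify_connections(lines):
    """Tag each 'ts src dst_host dst_port proto' line with the indicator it matches.

    Returns a list of (dst_host, tag) tuples, one per matching line.
    """
    findings = []
    for line in lines:
        parts = line.split()
        if len(parts) < 5:
            continue  # skip malformed lines instead of raising
        host, port = parts[2], int(parts[3])
        if (host, port) == SMTP_EXFIL:
            findings.append((host, "matiex-smtp-exfil"))
        elif host in IP_LOOKUP_HOSTS:
            findings.append((host, "external-ip-lookup"))  # weak on its own
    return findings


def hollowed_children(api_trace):
    """Return child PIDs that saw the full hollowing sequence in order.

    api_trace items are dicts {"api": name, "child": pid, "flags": (...)} where
    'child' is the process acted upon. Only a CreateProcess with CREATE_SUSPENDED
    starts a sequence, so SetThreadContext on a normally started child is not flagged.
    Repeated or unrelated calls between stages do not reset progress.
    """
    progress = {}
    hollowed = set()
    for call in api_trace:
        api, child = call["api"], call.get("child")
        if api == "CreateProcess":
            if "CREATE_SUSPENDED" in call.get("flags", ()):
                progress[child] = 1
            continue
        stage = progress.get(child, 0)
        if stage and api == HOLLOW_STAGES[stage]:
            progress[child] = stage + 1
            if progress[child] == len(HOLLOW_STAGES):
                hollowed.add(child)
    return hollowed


# Constructed sample data (not from the sandbox run).
SAMPLE_CONN = [
    "2022-05-02T13:01:07Z 10.0.0.5 api.ipify.org 443 tcp",
    "2022-05-02T13:01:09Z 10.0.0.5 srvc13.turhost.com 587 tcp",
    "2022-05-02T13:01:10Z 10.0.0.5 update.example.net 443 tcp",
]
SAMPLE_TRACE = [
    {"api": "CreateProcess", "child": 4120, "flags": ("CREATE_SUSPENDED",)},
    {"api": "WriteProcessMemory", "child": 4120},
    {"api": "WriteProcessMemory", "child": 4120},
    {"api": "SetThreadContext", "child": 4120},
    {"api": "ResumeThread", "child": 4120},
    {"api": "CreateProcess", "child": 4188, "flags": ()},
    {"api": "SetThreadContext", "child": 4188},  # not preceded by a suspended create
]

if __name__ == "__main__":
    print(classify_connections(SAMPLE_CONN))
    print(hollowed_children(SAMPLE_TRACE))
```

The hash check is the only high-confidence match; the SMTP endpoint is a good network indicator while the credentials remain valid, and the IP lookup alone should only raise the score of a process that already shows the hollowing sequence.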
