General

  • Target

    588dc1b105e5255e0185036768f5201bed501cfa6a273721b5ab52807739ff74

  • Size

    218KB

  • Sample

    220502-nph3maegen

  • MD5

    03ac649737e97213c52437f7ad331e01

  • SHA1

    781085a42dd85eb3788ca5e6d38d4bb3868b1449

  • SHA256

    588dc1b105e5255e0185036768f5201bed501cfa6a273721b5ab52807739ff74

  • SHA512

    71bd97911d9cbdded5c6852b0cd206c5b76339a090291f9f8bda3283ca0b25782239ba1e88996a21b78e5fbde0e87c3e1f8e9036c0119e9aa6d2dfed7f0faa87

Malware Config

Extracted

Family

matiex

Credentials

  • Protocol: smtp
  • Host: srvc13.turhost.com
  • Port: 587
  • Username: [email protected]
  • Password: italik2015

Targets

    • Target

      0900009090000.exe

    • Size

      577KB

    • MD5

      a543084b74043d3373fe007ecf2924af

    • SHA1

      0b06349a0f26179f6e5e43181e4d248ee8bab127

    • SHA256

      6989ffe534c2303d7fcc4f5f8b81515a3d30a53ecb395a935bc46391de88b023

    • SHA512

      57af1f424d02c4ba8f66a011b007b559e5cca570d8c3d630415b993544d2caddd9de3fe9ecec4d626142fca884512913ef6c9665b754e6b4a586d70852293a83

    • Matiex

      Matiex is a keylogger and infostealer first seen in July 2020.

    • Matiex Main Payload

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks