General

  • Target

    442977f31528f2db2745d7675e06d966606531e98851b4b981da008f8901ebb8

  • Size

    218KB

  • Sample

    220502-npjn6aaad9

  • MD5

    18906e19c1cc0222c5506e3bc78d890d

  • SHA1

    004ed5a826927ae58c35c35265f15aba2dc78770

  • SHA256

    442977f31528f2db2745d7675e06d966606531e98851b4b981da008f8901ebb8

  • SHA512

    b36495930dcd194645599ed265555a8c8ebea20875f4403477f8bdd8d241ba630b938ebb205f9f9c5c9d2126f4b74cb2b71eee0845086948bc3db84eecbf5e08

Malware Config

Extracted

Family

matiex

Credentials

  • Protocol:
    smtp
  • Host:
    srvc13.turhost.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    italik2015

Targets

    • Target

      0908000009h090000.exe

    • Size

      577KB

    • MD5

      40f119bd23e3dfe95c416a839da87142

    • SHA1

      164cca839ad92c95b3ccbf75873c8d590ff29c89

    • SHA256

      6fa65eef03e50dbaba9ba7729d7d5f4a24d9302c028ec1640db45d47096ab29d

    • SHA512

      57b30e1242d22c4445b28762fa0e14577169d1e6863a989f0cea6a6affe01800ca9c0e6820ee0818bddd8cc4de58754986927be8d06badd7187069c0eafe33b1

    • Matiex

      Matiex is a keylogger and infostealer first seen in July 2020.

    • Matiex Main Payload

    • Accesses Microsoft Outlook profiles

      Reads the Outlook profile data kept under the current user's registry hive, where Outlook stores account settings and saved mail credentials; stealers harvest these for credential theft.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

      SetThreadContext rewrites a thread's register state. Injectors call it on a suspended thread to point execution at code they have written into another process, the pattern seen in process hollowing; a .NET dropper doing this outside a debugger is a strong injection indicator.

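The extracted SMTP config above and the "looks up external IP address" behaviour together give a detection pattern: a host contacts a public IP-lookup service and shortly afterwards opens an SMTP submission connection to the configured mail server. The script below, added here as an illustration and not part of the sandbox report, turns the config into IOCs and scores constructed connection-log lines. The key=value log format, the list of IP-lookup hosts (the report does not name the service used) and the five-minute correlation window are assumptions.

```python
"""Score connection logs against the extracted Matiex SMTP config (added example)."""
import re
from datetime import datetime, timedelta

# Exfiltration endpoint copied from the extracted config on this page.
MATIEX_SMTP = {"host": "srvc13.turhost.com", "port": 587}

# Hypothetical list of public IP-lookup services; the report only says that a
# legitimate service is used and does not say which one.
IP_LOOKUP_HOSTS = {"api.ipify.org", "checkip.amazonaws.com", "icanhazip.com"}

# Constructed sample log lines (not real telemetry) in a simple key=value format.
SAMPLE_LOG = """\
ts=2022-05-02T10:15:01Z src=WS01 dst=update.microsoft.com dport=443
ts=2022-05-02T10:15:03Z src=WS01 dst=api.ipify.org dport=443
ts=2022-05-02T10:15:09Z src=WS01 dst=srvc13.turhost.com dport=587
ts=2022-05-02T11:40:00Z src=WS02 dst=checkip.amazonaws.com dport=80
ts=2022-05-02T13:00:00Z src=WS03 dst=srvc13.turhost.com dport=587
"""

LINE_RE = re.compile(r"ts=(\S+) src=(\S+) dst=(\S+) dport=(\d+)")


def parse_line(line):
    """Parse one key=value line into a dict, or return None for unparseable input."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
    return {"ts": ts, "src": m.group(2), "dst": m.group(3).lower(), "dport": int(m.group(4))}


def classify(event):
    """Label an event as 'exfil' (config host and port), 'ip-lookup', or None."""
    if event["dst"] == MATIEX_SMTP["host"] and event["dport"] == MATIEX_SMTP["port"]:
        return "exfil"
    if event["dst"] in IP_LOOKUP_HOSTS:
        return "ip-lookup"
    return None


def scan(log_text, window=timedelta(minutes=5)):
    """Return {src: verdict}.

    'high'   : IP lookup followed by SMTP to the config host within `window`
    'medium' : SMTP to the config host without a preceding lookup
    'low'    : IP lookup alone (noisy on its own; many legitimate tools do this)
    """
    last_lookup = {}   # src -> timestamp of most recent IP-lookup contact
    verdicts = {}
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        kind = classify(ev)
        src = ev["src"]
        if kind == "ip-lookup":
            last_lookup[src] = ev["ts"]
            verdicts.setdefault(src, "low")
        elif kind == "exfil":
            seen = last_lookup.get(src)
            if seen is not None and ev["ts"] - seen <= window:
                verdicts[src] = "high"
            elif verdicts.get(src) != "high":
                verdicts[src] = "medium"
    return verdicts


if __name__ == "__main__":
    for src, verdict in sorted(scan(SAMPLE_LOG).items()):
        print(f"{src}: {verdict}")
```

In real telemetry the mail server usually appears as a resolved IP rather than a hostname, so match on both the name and whatever it resolves to at analysis time, and treat port 587 on its own as weak evidence: it is the normal mail submission port, and only the combination with the configured host (or the lookup-then-submit sequence) makes the alert specific to this sample.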
MITRE ATT&CK Enterprise v6

Tasks