matiex | ee3a65a55a8a5401508bbb1c768afe90c92f42abb4181f17a32cfebaeb9408ba | Triage

Submit
Reports

Overview

overview

Static

static

ee3a65a55a...ba.exe

windows7_x64

ee3a65a55a...ba.exe

windows10-2004_x64

Sharing

General

Target

ee3a65a55a8a5401508bbb1c768afe90c92f42abb4181f17a32cfebaeb9408ba
Size

764KB
Sample

220502-schcsafec4
MD5

c1f0d6a6b9e1f4af3103c6814866292a
SHA1

3793096dc698b31e8ec42b6d1734212a48db6852
SHA256

ee3a65a55a8a5401508bbb1c768afe90c92f42abb4181f17a32cfebaeb9408ba
SHA512

17c93689a1b2fe6df0711209e9c62d5e0e3bebe5d5af72ab04b0d36edfc4cf3031e296fd17dd9bbd5e7affcc4dcf990f38e0f9ec59d2606d3acc53df5732ecca

Score

10^/10

matiex collection keylogger stealer

Static task

static1

Behavioral task

behavioral1

Sample

ee3a65a55a8a5401508bbb1c768afe90c92f42abb4181f17a32cfebaeb9408ba.exe

Resource

win7-20220414-en

matiex collection keylogger stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

ee3a65a55a8a5401508bbb1c768afe90c92f42abb4181f17a32cfebaeb9408ba.exe

Resource

win10v2004-20220414-en

matiex collection keylogger stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

matiex

Credentials

Protocol: smtp
Host:
mail.avicorrpinc.com
Port:
587
Username:
[email protected]
Password:
admin@abc123
Email To:
[email protected]

Targets

- Target
  
  ee3a65a55a8a5401508bbb1c768afe90c92f42abb4181f17a32cfebaeb9408ba
- Size
  
  764KB
- MD5
  
  c1f0d6a6b9e1f4af3103c6814866292a
- SHA1
  
  3793096dc698b31e8ec42b6d1734212a48db6852
- SHA256
  
  ee3a65a55a8a5401508bbb1c768afe90c92f42abb4181f17a32cfebaeb9408ba
- SHA512
  
  17c93689a1b2fe6df0711209e9c62d5e0e3bebe5d5af72ab04b0d36edfc4cf3031e296fd17dd9bbd5e7affcc4dcf990f38e0f9ec59d2606d3acc53df5732ecca
Score

10^/10

matiex collection keylogger stealer
- Matiex
  Matiex is a keylogger and infostealer first seen in July 2020.
  stealer keylogger matiex
- Matiex Main Payload
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

matiexcollectionkeyloggerstealer

behavioral2

matiexcollectionkeyloggerstealer

© 2018-2024

Terms | Privacy