Overview

overview

10

Static

static

205146ce59...c1.exe

windows7_x64

10

205146ce59...c1.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    205146ce59425a87371d53d6a5ff9be127a2914b3e931361065ba56d7f84acc1

  • Size

    714KB

  • Sample

    220502-sdc5fshhfr

  • MD5

    c31ef8a4e6c0320263b90436ca3236be

  • SHA1

    90ba9958ec278f51a6f2bfc99c0de908d3d4fa5b

  • SHA256

    205146ce59425a87371d53d6a5ff9be127a2914b3e931361065ba56d7f84acc1

  • SHA512

    e78054eea698da91e6b85e60e83e940bf8fd88b73ad08031831d9a85b097c5e55d066cde0792ec87c1c5e248fb04fee36a96c85891b2dd14e4a334ff69ad6b24

Score
10/10
matiexcollectionkeyloggerstealer

Malware Config

Extracted

Family

matiex

C2

https://api.telegram.org/bot\MK-Voice.mp3/sendMessage?chat_id=A

Targets

    • Target

      205146ce59425a87371d53d6a5ff9be127a2914b3e931361065ba56d7f84acc1

    • Size

      714KB

    • MD5

      c31ef8a4e6c0320263b90436ca3236be

    • SHA1

      90ba9958ec278f51a6f2bfc99c0de908d3d4fa5b

    • SHA256

      205146ce59425a87371d53d6a5ff9be127a2914b3e931361065ba56d7f84acc1

    • SHA512

      e78054eea698da91e6b85e60e83e940bf8fd88b73ad08031831d9a85b097c5e55d066cde0792ec87c1c5e248fb04fee36a96c85891b2dd14e4a334ff69ad6b24

    Score
    10/10
    matiexcollectionkeyloggerstealer

    • Matiex

      Matiex is a keylogger and infostealer first seen in July 2020.

      stealerkeyloggermatiex

    • Matiex Main Payload

    • Accesses Microsoft Outlook profiles

      collection

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks