General

  • Target

    dd2daa1f70321c9e2d0087fc8fd54d7703cc83a06a2383cf9fced3d33dfa4c0a

  • Size

    252KB

  • Sample

    220502-skxgnsacck

  • MD5

    c9d153f16bc14e615dc42d05dbef199b

  • SHA1

    9da22b30ed35138ed903a59ca3f43ef18435eab4

  • SHA256

    dd2daa1f70321c9e2d0087fc8fd54d7703cc83a06a2383cf9fced3d33dfa4c0a

  • SHA512

    9654d5ea9f5eea0635b1f1f0622c01f83864a82133f8694d8ca3742b8fd1f85c52a6e93932f4d76f412dda77160eddddb1515f10b6317e520fdf0c0d1bcea2ce

Malware Config

Extracted

Family

matiex

Credentials (SMTP account hardcoded in the sample and used to mail stolen data out)

  • Protocol:
    smtp
  • Host:
    pro40.emailserver.vn
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    Huynhngoc@123

Targets

    • Target

      4797508E2-20F2-4C2C-879A-1C358G.exe

    • Size

      652KB

    • MD5

      696f1e6e8b7f8ed2b20e9aa689be7333

    • SHA1

      62cb835dc20ef745186fd3805c230b96c1177ba2

    • SHA256

      ce0e9c38f501c41244755438857cf76ab25727502b344c65d30075ff3338f43c

    • SHA512

      2971d105982aecea405c1c632953dad58bfd4fe32450d4d8c7e7cfde9ad2fde6af5acb113447a3322d0fe8b6171f471ef8b44cebedd621666210f0dd9741fe52

    • Matiex

      Matiex is a keylogger and infostealer first seen in July 2020.

    • Matiex Main Payload

    • Accesses Microsoft Outlook profiles

      Reads the Outlook profile store, where saved mail account settings and credentials live (mapped to T1114 below).

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

      Setting another process's thread context is a common step in process hollowing and thread hijacking; check the parent/child process tree for an injected copy of the payload.
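
The indicators above can be turned into a small triage check. The following is an added example, not part of this report or of any sandbox tooling: it matches Sysmon-style events (field names mirror Sysmon Event ID 1 and 3) against the file hashes and the SMTP exfiltration endpoint listed here, and flags the sequence the report describes, an external-IP lookup followed by an SMTP connection from the same process. The log lines are constructed for the example, and the list of IP-lookup hostnames is an assumption (the report does not name the service the sample used).

```python
"""Triage check for the Matiex sample described in the report.

Added example, not the report's own tooling.  Events are constructed,
Sysmon-style JSON records; the IP-lookup host list is an assumption.
"""
import json
from datetime import datetime, timedelta

# Hashes taken from the report: the 252KB submission and the 652KB target
# 4797508E2-20F2-4C2C-879A-1C358G.exe (MD5, SHA1, SHA256 for each).
FILE_HASHES = {
    "c9d153f16bc14e615dc42d05dbef199b",
    "9da22b30ed35138ed903a59ca3f43ef18435eab4",
    "dd2daa1f70321c9e2d0087fc8fd54d7703cc83a06a2383cf9fced3d33dfa4c0a",
    "696f1e6e8b7f8ed2b20e9aa689be7333",
    "62cb835dc20ef745186fd3805c230b96c1177ba2",
    "ce0e9c38f501c41244755438857cf76ab25727502b344c65d30075ff3338f43c",
}

# Exfiltration endpoint from the extracted config.
SMTP_EXFIL = {"host": "pro40.emailserver.vn", "port": 587}
SMTP_PORTS = {25, 465, 587}

# Assumption: the report only says "a legitimate IP lookup service".
IP_LOOKUP_HOSTS = {"api.ipify.org", "checkip.dyndns.org", "icanhazip.com"}

# Constructed Sysmon-like events (EventID 1 = process create, 3 = network).
# The OUTLOOK.EXE records are a benign control: a mail client talking to
# port 587 without a preceding IP lookup must not be flagged.
SAMPLE_LOG = r"""
{"EventID": 1, "UtcTime": "2022-05-02 10:14:58.201", "ProcessId": 4120, "Image": "C:\\Users\\victim\\AppData\\Local\\Temp\\4797508E2-20F2-4C2C-879A-1C358G.exe", "Hashes": "MD5=696F1E6E8B7F8ED2B20E9AA689BE7333,SHA256=CE0E9C38F501C41244755438857CF76AB25727502B344C65D30075FF3338F43C"}
{"EventID": 3, "UtcTime": "2022-05-02 10:15:03.118", "ProcessId": 4120, "Image": "C:\\Users\\victim\\AppData\\Local\\Temp\\4797508E2-20F2-4C2C-879A-1C358G.exe", "DestinationHostname": "api.ipify.org", "DestinationPort": 443}
{"EventID": 3, "UtcTime": "2022-05-02 10:15:41.530", "ProcessId": 4120, "Image": "C:\\Users\\victim\\AppData\\Local\\Temp\\4797508E2-20F2-4C2C-879A-1C358G.exe", "DestinationHostname": "pro40.emailserver.vn", "DestinationPort": 587}
{"EventID": 1, "UtcTime": "2022-05-02 10:16:10.002", "ProcessId": 5000, "Image": "C:\\Program Files\\Microsoft Office\\root\\Office16\\OUTLOOK.EXE", "Hashes": "MD5=00000000000000000000000000000000"}
{"EventID": 3, "UtcTime": "2022-05-02 10:16:12.770", "ProcessId": 5000, "Image": "C:\\Program Files\\Microsoft Office\\root\\Office16\\OUTLOOK.EXE", "DestinationHostname": "smtp.office365.com", "DestinationPort": 587}
"""


def load_events(text):
    """One JSON object per line, blank lines ignored."""
    return [json.loads(line) for line in text.strip().splitlines() if line.strip()]


def _parse_hashes(field):
    """Sysmon 'Hashes' field: 'MD5=...,SHA256=...' -> {algo: lowercase hex}."""
    out = {}
    for part in field.split(","):
        if "=" in part:
            algo, val = part.split("=", 1)
            out[algo.strip().upper()] = val.strip().lower()
    return out


def _ts(ev):
    return datetime.strptime(ev["UtcTime"], "%Y-%m-%d %H:%M:%S.%f")


def match_hashes(events):
    """Process-create events whose image hash is one of the report's IOCs."""
    hits = []
    for ev in events:
        if ev.get("EventID") != 1:
            continue
        for algo, val in _parse_hashes(ev.get("Hashes", "")).items():
            if val in FILE_HASHES:
                hits.append({"pid": ev["ProcessId"], "image": ev["Image"],
                             "algo": algo, "hash": val})
    return hits


def match_exfil(events):
    """PIDs that connect to the SMTP host and port from the extracted config."""
    return sorted({
        ev["ProcessId"] for ev in events
        if ev.get("EventID") == 3
        and ev.get("DestinationHostname", "").lower() == SMTP_EXFIL["host"]
        and int(ev.get("DestinationPort", 0)) == SMTP_EXFIL["port"]
    })


def lookup_then_smtp(events, window=timedelta(minutes=10)):
    """PIDs that contact an IP-lookup host and then any SMTP port within `window`.

    Catches the behaviour even if the exfil host changes between builds.
    """
    net = [ev for ev in events if ev.get("EventID") == 3]
    flagged = []
    for ev in net:
        if ev.get("DestinationHostname", "").lower() not in IP_LOOKUP_HOSTS:
            continue
        t0 = _ts(ev)
        for later in net:
            if (later["ProcessId"] == ev["ProcessId"]
                    and int(later.get("DestinationPort", 0)) in SMTP_PORTS
                    and t0 <= _ts(later) <= t0 + window):
                if ev["ProcessId"] not in flagged:
                    flagged.append(ev["ProcessId"])
                break
    return flagged


SAMPLE_EVENTS = load_events(SAMPLE_LOG)

if __name__ == "__main__":
    for hit in match_hashes(SAMPLE_EVENTS):
        print("hash IOC:", hit)
    print("SMTP exfil to known host, PIDs:", match_exfil(SAMPLE_EVENTS))
    print("IP lookup then SMTP, PIDs:", lookup_then_smtp(SAMPLE_EVENTS))
```

The hash and host checks are brittle by design (a rebuilt sample changes both); the lookup-then-SMTP sequence is the part worth keeping as a hunting query, tuned with an allow-list for real mail clients on the host.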

MITRE ATT&CK Matrix (ATT&CK v6)

  • Collection

    Email Collection (T1114): 1 matching signature

Tasks