General

  • Target

    f8cbc16207bcb0ed823a11472d92e3304be87f8a4a26475d0afe154ef94122f7

  • Size

    238KB

  • Sample

    220502-skzl2afgh2

  • MD5

    b001da1656735012b4eb72d421f0cb29

  • SHA1

    e74ade725bb9590488aaaee3b8e4bb6322a938bc

  • SHA256

    f8cbc16207bcb0ed823a11472d92e3304be87f8a4a26475d0afe154ef94122f7

  • SHA512

    3763d23d81d88272c96e714aa2a9384e0aada5eed33ce8e9846143c57cc45a6eeb8e56817d681227025da690ba649532cd188ec076ed9ef8aa9647ed3b316bc6

Malware Config

Extracted

  • Family

    matiex

Credentials

  • Protocol

    smtp

  • Host

    pro40.emailserver.vn

  • Port

    587

  • Username

    [email protected]

  • Password

    Huynhngoc@123

Targets

    • Target

      2797508E2-20F2-4C2C-879A.exe

    • Size

      668KB

    • MD5

      374e8dc3b94876fa4dcb268599802eb9

    • SHA1

      d1a4fa01f5df469d4f0500743d889b82f004cff8

    • SHA256

      8280027cf2f493a836aefff88a0fdc476bad22df8ffb103e279b694951762714

    • SHA512

      b0256c4d63ca995704db9ac145c24da7967d432b26518f71e3dc67163ffa4865a39fe10731a6c33deb60c6fa0d20c44f3ba999246ad0d0c4789bd265037e5a67

    • Matiex

      Matiex is a keylogger and infostealer first seen in July 2020.

    • Matiex Main Payload

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks