Overview

overview

10

Static

static

46.exe

windows7_x64

1

46.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0127b631f8153cab11f6e747068acd58681a796de0e2e02384b2860fe290ecd8

  • Size

    207KB

  • Sample

    220503-scqzxsccam

  • MD5

    320a9f6f760b86523b0a1c001a6ed0ed

  • SHA1

    a999e25f9d5c756c65ae764e65992b2c388275f7

  • SHA256

    0127b631f8153cab11f6e747068acd58681a796de0e2e02384b2860fe290ecd8

  • SHA512

    2e4ee5836e8de0161d440b414812c2abc9a159d67ae177bb4bfd593ef2bd710a9b03b6716b457f40f7ffb7e80e80eb8413095bac185b9071cf8785bfb26cb73f

Score
10/10
matiexcollectionkeyloggerstealer

Malware Config

Extracted

Family

matiex

C2

https://api.telegram.org/bot1395392888:AAFrJovDdZICOFB0gX0eGWrAUzEKCRpv8xo/sendMessage?chat_id=1300181783

Targets

    • Target

      46.exe

    • Size

      614KB

    • MD5

      cc40d2d6a71943c5712838d6a70a0180

    • SHA1

      64395b42fd6dfe0963715d4ac74735f2a652fa98

    • SHA256

      51b38eda3fdba167788761800c8fe3d37882f4a0cebf94d2847809c00cd8459e

    • SHA512

      e0ad4c63a7b83f685d81ea6bf1d5b833f1b876ffa9aef2b570ed028bd47b49f03bbaf2d3d63043182b880d2b1d3354a772438301f958e1d14fca1393119b85f9

    Score
    10/10
    matiexcollectionkeyloggerstealer

    • Matiex

      Matiex is a keylogger and infostealer first seen in July 2020.

      stealerkeyloggermatiex

    • Matiex Main Payload

    • Accesses Microsoft Outlook profiles

      collection

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks