Overview

overview

10

Static

static

4797508E2-...35.exe

windows7_x64

1

4797508E2-...35.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a9f6f4a036a29fa164f0f74cef5fb57171ad599e04ec25b02a78c59cdcdecdd3

  • Size

    216KB

  • Sample

    220503-y3deeabgc8

  • MD5

    d7b54b65df1fdbcc8dabdb642e3d6110

  • SHA1

    02eaa6af47414a82d733372e540dc41157bb59a4

  • SHA256

    a9f6f4a036a29fa164f0f74cef5fb57171ad599e04ec25b02a78c59cdcdecdd3

  • SHA512

    baf3b74e1d7d5149e3b5bceecb59adbd8c327bb49f75fafe0896b1e8d8c7c9dd8d58a49c058c20503f017e0542a076880280b1b01e92d003bce1b252d25cc47a

Score
10/10
matiexcollectionkeyloggerstealer

Malware Config

Extracted

Family

matiex

C2

https://api.telegram.org/bot1395392888:AAFrJovDdZICOFB0gX0eGWrAUzEKCRpv8xo/sendMessage?chat_id=1300181783

Targets

    • Target

      4797508E2-20F2-42C-879A-1C35.exe

    • Size

      628KB

    • MD5

      6a44a7c90b737edd4143bd8332a61f11

    • SHA1

      f9b37b7558a73bee19865141964687c53d3808db

    • SHA256

      bc3d62c45c60396f1896ca688f72acc91af5412bedd3d1c7ec3f6b1e3891f198

    • SHA512

      319ef283cce7d0a0c30d5c8a72c701bdcbe1a311a51b0b411710a2e56e191283e430a6082c907cccffcd95cc5a26761c8d4eeae6ac6d424c38d80a1e41d6cb6d

    Score
    10/10
    matiexcollectionkeyloggerstealer

    • Matiex

      Matiex is a keylogger and infostealer first seen in July 2020.

      stealerkeyloggermatiex

    • Matiex Main Payload

    • Accesses Microsoft Outlook profiles

      collection

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks