General

  • Target

    8b899e8cbf23c5463bf7aaadf1b161298b96c260a7f87b3376142424237fcae3

  • Size

    502KB

  • Sample

    220503-zjbxxacbh8

  • MD5

    e50d6473f8216eef84d2588748685546

  • SHA1

    f13f322d8a2fc2b0594343147cefc7057ffd482e

  • SHA256

    8b899e8cbf23c5463bf7aaadf1b161298b96c260a7f87b3376142424237fcae3

  • SHA512

    a4f692a3ed9ea212cc34dc6ba0aa7c2322e19012f58b406c944eaf422b3f2c1caf459ada5ad7e82f6d9cf17b85adbe2d00600784b244e91e29c722639ee22b44

Malware Config

Extracted

  • Family

    matiex

  • C2

    https://api.telegram.org/bot1395392888:AAFrJovDdZICOFB0gX0eGWrAUzEKCRpv8xo/sendMessage?chat_id=1300181783

Targets

    • Target

      gsxp5mkd0ACsDub.exe

    • Size

      949KB

    • MD5

      ac9577cdc33e7cf5cd3193d9a02b5ee6

    • SHA1

      3ca264ffe003d0a1c3b196169ed5cf672b3b1794

    • SHA256

      e1f6a0b698c957d92bc86fdaf9add81405fc26c716f691fb34148485a93de97c

    • SHA512

      0f9b55ff971e618a53f2366f2a2dc7236ef513dffd561e0e0eb97c3166a738ae754ad9ea83e9d8803639c91f8bc8b90a843ca1a6fb854c7b8b978e88edb3e54a

    • Matiex

      Matiex is a keylogger and infostealer first seen in July 2020.

    • Matiex Main Payload

    • Looks for VirtualBox Guest Additions in registry

    • Looks for VMware Tools registry key

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Suspicious use of SetThreadContext
