matiex | e3dc0ebb79c5497c927c15b67ea203ca2860681e3e8b063f91fec264193c5961 | Triage

Submit
Reports

Overview

overview

Static

static

e3dc0ebb79...61.exe

windows7_x64

e3dc0ebb79...61.exe

windows10-2004_x64

8

Sharing

General

Target

e3dc0ebb79c5497c927c15b67ea203ca2860681e3e8b063f91fec264193c5961
Size

546KB
Sample

220508-gzs71shah7
MD5

0d8d14b3e6739610579cbcec8bcad92e
SHA1

5c5c5c3bc5b9277cd9a0483b7cd8ec6f85355b4c
SHA256

e3dc0ebb79c5497c927c15b67ea203ca2860681e3e8b063f91fec264193c5961
SHA512

dcc70688bb2d3cf8feeaf6492955ebb3789dd954da6b1a4c688750032f64e1cf114f4f3497fab1bc330587fa3746c30c9250a01400242d8514eeb10076a8db24

Score

10^/10

matiex keylogger persistence stealer

Static task

static1

Behavioral task

behavioral1

Sample

e3dc0ebb79c5497c927c15b67ea203ca2860681e3e8b063f91fec264193c5961.exe

Resource

win7-20220414-en

matiex keylogger persistence stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

e3dc0ebb79c5497c927c15b67ea203ca2860681e3e8b063f91fec264193c5961.exe

Resource

win10v2004-20220414-en

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

matiex

C2

https://api.telegram.org/bot1337162934:AAEz0dj2pspqp1QusSdUa-ANUccTUIA_t-s/sendMessage?chat_id=1302007902

Targets

- Target
  
  e3dc0ebb79c5497c927c15b67ea203ca2860681e3e8b063f91fec264193c5961
- Size
  
  546KB
- MD5
  
  0d8d14b3e6739610579cbcec8bcad92e
- SHA1
  
  5c5c5c3bc5b9277cd9a0483b7cd8ec6f85355b4c
- SHA256
  
  e3dc0ebb79c5497c927c15b67ea203ca2860681e3e8b063f91fec264193c5961
- SHA512
  
  dcc70688bb2d3cf8feeaf6492955ebb3789dd954da6b1a4c688750032f64e1cf114f4f3497fab1bc330587fa3746c30c9250a01400242d8514eeb10076a8db24
Score

10^/10

matiex keylogger persistence stealer
- Matiex
  Matiex is a keylogger and infostealer first seen in July 2020.
  stealer keylogger matiex
- Matiex Main Payload
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

matiexkeyloggerpersistencestealer

behavioral2

© 2018-2024

Terms | Privacy