Overview

overview

10

Static

static

DHL Shipment Info.exe

windows7_x64

10

DHL Shipment Info.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a4c832d2df84b3c31d5d1daf2f02c3e48e9f4b3b6f5d2032bb2fc425c662de66

  • Size

    546KB

  • Sample

    220520-2b3f1aabfm

  • MD5

    f03f3613e088aed817c2085cea98a629

  • SHA1

    ecb30ed714f3c83df8bf9c01afb1469215d60473

  • SHA256

    a4c832d2df84b3c31d5d1daf2f02c3e48e9f4b3b6f5d2032bb2fc425c662de66

  • SHA512

    deac7d5911263481009fe2447855aaa418acfdc31bcacc24057e1f7a01be6ee4e6d8526872cd5c49881d79a68d7e69712450dddde256a1f88c66479efaf2a10a

Score
10/10
matiexcollectionkeyloggerstealer

Malware Config

Extracted

Family

matiex

Credentials

  • Protocol:     smtp
  • Host:
    mail.marketinfosales.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    v,,++Y&AiD(B

Targets

    • Target

      DHL Shipment Info.exe

    • Size

      606KB

    • MD5

      c25c9e302e3bbc669e210c961e271f2e

    • SHA1

      cd2a44a2bae5b250be394f21c947014f2c6d1aab

    • SHA256

      6438b80d095ec295859cb2b1c099f1ae2ac0485705a447b991e84b551e40047e

    • SHA512

      19e136ddc62dffce0512fcdac20e0b1fcc65e9366b4cda15e1cd80d6907a5247b31469eb0579275ce8ef06335b06fa291c3a6d1746b373b81caa03ff0cd14a14

    Score
    10/10
    matiexcollectionkeyloggerstealer

    • Matiex

      Matiex is a keylogger and infostealer first seen in July 2020.

      stealerkeyloggermatiex

    • Matiex Main Payload

    • Accesses Microsoft Outlook profiles

      collection

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks