matiex | 9e9bd94fe6b1ed63cd9d5e3c21a2785fd411fc0b39be7c60f0ed55da1df2d828 | Triage

Submit
Reports

Overview

overview

Static

static

M0O09080O00.exe

windows7_x64

M0O09080O00.exe

windows10-2004_x64

Sharing

General

Target

9e9bd94fe6b1ed63cd9d5e3c21a2785fd411fc0b39be7c60f0ed55da1df2d828
Size

333KB
Sample

220520-2cfnmaabhp
MD5

6200ebd2a6065218b0b8673e1e2899e5
SHA1

7a5c9392772aa1b1690a824fe9e89fd683512074
SHA256

9e9bd94fe6b1ed63cd9d5e3c21a2785fd411fc0b39be7c60f0ed55da1df2d828
SHA512

ed17c61283d73cc7b14abc1567000000487d9d00592afb19734772708f0b89cf1aa35e3bd9a59b05477d4be455eb0cf7ffa789f70422d112661c55521093883d

Score

10^/10

matiex collection keylogger spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

M0O09080O00.exe

Resource

win7-20220414-en

matiex collection keylogger spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

M0O09080O00.exe

Resource

win10v2004-20220414-en

matiex keylogger spyware stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

matiex

Credentials

Protocol: smtp
Host:
srvc13.turhost.com
Port:
587
Username:
info@bilgitekdagitim.com
Password:
italik2015

Targets

- Target
  
  M0O09080O00.exe
- Size
  
  417KB
- MD5
  
  a3ce2bb54fcff687892013553aba0e6d
- SHA1
  
  7d47db86cc89248b24be0c0f32a32fdd9328ed02
- SHA256
  
  a83313423eb4ec63591766985452770fa671506b821b927dd015b9e919fcad11
- SHA512
  
  7b094842c2ae12f732dc49465e5583a8b67ca0e0ace2082f25e1e704b936a417f0aa9a962aefc69cbe72ff7ba392395c73999094dc7e9e6670711affcfb807c6
Score

10^/10

matiex collection keylogger spyware stealer
- Matiex
  Matiex is a keylogger and infostealer first seen in July 2020.
  stealer keylogger matiex
- Matiex Main Payload
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

matiexcollectionkeyloggerspywarestealer

behavioral2

matiexkeyloggerspywarestealer

© 2018-2024

Terms | Privacy