matiex | e9295dd329dcc4a87a96772a910ba5d951f20bf5b4aad56dd2504eb10969fa88 | Triage

Submit
Reports

Overview

overview

Static

static

M09080000000.exe

windows7_x64

M09080000000.exe

windows10-2004_x64

Sharing

General

Target

e9295dd329dcc4a87a96772a910ba5d951f20bf5b4aad56dd2504eb10969fa88
Size

187KB
Sample

220520-3mc6xshbd8
MD5

46dbab73b6e0dfd141f7ddbb26f5dc41
SHA1

853e3406fa80583b6e424cfc66ea58911a4b7ec3
SHA256

e9295dd329dcc4a87a96772a910ba5d951f20bf5b4aad56dd2504eb10969fa88
SHA512

c0bd22461322b6915b56e71c0e7cb0f3ba8802c38eb74c4c5325241155ddf1cc6604de4d54f8c55b8758937853f2831c10c16af30dcacb3bf62dda7ad5de2603

Score

10^/10

matiex collection keylogger spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

M09080000000.exe

Resource

win7-20220414-en

matiex collection keylogger spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

M09080000000.exe

Resource

win10v2004-20220414-en

matiex collection keylogger spyware stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

matiex

Credentials

Protocol: smtp
Host:
srvc13.turhost.com
Port:
587
Username:
info@bilgitekdagitim.com
Password:
italik2015

Targets

- Target
  
  M09080000000.exe
- Size
  
  619KB
- MD5
  
  072c613d1f936ac409e59949503ab55e
- SHA1
  
  ed85d7ea0a061e9c971cc01ab47efad6028eef76
- SHA256
  
  90524b90bad8dd82b6b6aa41f4f98211dd5e6d0c9524e72a72e8a1e855b71689
- SHA512
  
  980517439fdcda8021053ec66a42203f9ec2f2be9e4a3490b120ed964454e74d3a0beea0e10c7f2a8bd2bda6cdbc45624efd5d317cd58fe170151436cb1e6048
Score

10^/10

matiex collection keylogger spyware stealer
- Matiex
  Matiex is a keylogger and infostealer first seen in July 2020.
  stealer keylogger matiex
- Matiex Main Payload
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

matiexcollectionkeyloggerspywarestealer

behavioral2

matiexcollectionkeyloggerspywarestealer

© 2018-2024

Terms | Privacy