General

  • Target

    c606f5189c0ab97530d03f5ac2170c940e3dcaf5cf008672041aed7f11a3367c

  • Size

    371KB

  • Sample

    220520-3t5vhshee9

  • MD5

    a66d66cfc418da4720c20b671cba331e

  • SHA1

    d6f3ba61d0b0854b82573ebfcbea0cf2f95efe5d

  • SHA256

    c606f5189c0ab97530d03f5ac2170c940e3dcaf5cf008672041aed7f11a3367c

  • SHA512

    1ef69f2f4f43bfae7f8372a389b82a3b28e21f7f2ee4a21960e5b9648df3c34d5e10d3738f2d088bd56a57b25c45460a0b0a17042c3e83a7724d69eace6b2377

Malware Config

Extracted

Family

matiex

Credentials

  • Protocol:
    smtp
  • Host:
    smtp.gmail.com
  • Port:
    587
  • Username:
    chikadibiaezeude@gmail.com
  • Password:
    Godwithme2020ezeude

Targets

    • Target

      sample.exe

    • Size

      478KB

    • MD5

      7fe68a75d5f97b92396dd4ccc87c520b

    • SHA1

      e05743081dcfe789e19edbb96b9d28e09e5566eb

    • SHA256

      aee3342cf4c2b1994336f3b0ebb9cf4a63c52fa41ef4430f83ac320aaba063bf

    • SHA512

      0da16a7b747c6013f84f4d817187a8f037bb4141dd39596cce62b537109e9d1d9f61abe14f3053d58363bad2cddd7a721fa83e29f520356dd1e417d8753d55a7

    • Matiex

      Matiex is a keylogger and infostealer first seen in July 2020.

    • Matiex Main Payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence check.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic                Technique                      Count  ID
  Execution             Scheduled Task                 1      T1053
  Persistence           Scheduled Task                 1      T1053
  Privilege Escalation  Scheduled Task                 1      T1053
  Credential Access     Credentials in Files           1      T1081
  Discovery             Query Registry                 1      T1012
  Discovery             System Information Discovery   2      T1082
  Collection            Data from Local System         1      T1005

Tasks