General

  • Target

    6c7311e2b17f44d10a2e029e4dce1db59d0b19131c744bb94083baa27badb137

  • Size

    193KB

  • Sample

    220520-qm4mnagfdk

  • MD5

    3f0aa896bd3f89486b42ac379b5e5c8e

  • SHA1

    a3b4b3e308a3194f99d7336ec09448433fed6d65

  • SHA256

    6c7311e2b17f44d10a2e029e4dce1db59d0b19131c744bb94083baa27badb137

  • SHA512

    73217cd491a355d3919595a55683743a6705ee3bf293fcacb909533c671babedca7ba43add73e35e3776093c0656d08f746b591deea3c9c54f8c184d3dd33b73

Malware Config

Extracted

Family

matiex

Credentials

  • Protocol: smtp
  • Host: mail.metauxsud.com
  • Port: 587
  • Username: euro@metauxsud.com
  • Password: hushpuppy2020
  • Email To: dollar@metauxsud.com

Targets

    • Target

      R3209011873.exe

    • Size

      555KB

    • MD5

      4c43289546bd0ae785093cf0ef3fba6c

    • SHA1

      8987ba13f0aa35479b67bede2c77cb241f541f77

    • SHA256

      ef7d84f2c3326943fbc546b736b513ceab056aa47bc8146ae205d7d5eac2622e

    • SHA512

      c98a9c2c7a4ea46e59d0daf0e674b629f3abd09a3bb715e7b8f19263482149eb4381471f51047e8568a04547f1a45bf00bea6ea4c43ab46cebcf20b092146980

    • Matiex

      Matiex is a keylogger and infostealer first seen in July 2020.

    • Matiex Main Payload

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Collection

  • Email Collection (T1114), 1 signature
