matiex | 0b09ec3596a13fa899e10cb15eab334ab0eb263b714ffcb3110ce24e1a1bdbda | Triage

Submit
Reports

Overview

overview

Static

static

File.exe

windows7_x64

File.exe

windows10-2004_x64

Sharing

General

Target

0b09ec3596a13fa899e10cb15eab334ab0eb263b714ffcb3110ce24e1a1bdbda
Size

395KB
Sample

220520-rpvyzabagn
MD5

bdcd67f21c0ac5891d97a38afc29d98d
SHA1

3725b3bd35f829a82f8eb698e6beb61f4c7bd41f
SHA256

0b09ec3596a13fa899e10cb15eab334ab0eb263b714ffcb3110ce24e1a1bdbda
SHA512

a4b22f19c3f535530b93b4642b6885bf4c0a629df162e0ef3bad1c02631bd0f44abc14fd73736cfa5b8f1438881ceb48d953da9ffacbefc2560aeffda20d91b4

Score

10^/10

matiex collection keylogger spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

File.exe

Resource

win7-20220414-en

matiex collection keylogger spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

File.exe

Resource

win10v2004-20220414-en

matiex collection keylogger spyware stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

matiex

Credentials

Protocol: smtp
Host:
SMTP.gmail.com
Port:
587
Username:
officialmarc54@gmail.com
Password:
blessmelord

Targets

- Target
  
  File.exe
- Size
  
  693KB
- MD5
  
  c66a781c007bb89b164c49068e8a5d58
- SHA1
  
  fb6cef4cbcdb878b0b95a7fe0850832010d2f2e9
- SHA256
  
  f2c8e60f6dea2f01ded10eed11783cd5173650bbc6e14d8ec891f441fea26b42
- SHA512
  
  805e0cf784827848a5c1e60d2e9fe032cc4edf7b5677cf2f93ec21d8e499815fc16d8b1b70a29ae7e22481f6e2a5e354d5cffe969a435574431fad8ae998bd43
Score

10^/10

matiex collection keylogger spyware stealer
- Matiex
  Matiex is a keylogger and infostealer first seen in July 2020.
  stealer keylogger matiex
- Matiex Main Payload
- Drops startup file
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

matiexcollectionkeyloggerspywarestealer

behavioral2

matiexcollectionkeyloggerspywarestealer

© 2018-2024

Terms | Privacy