matiex | 36a301b3b91f34a31803fcf6954a083196d1d2d59a21a532f43ca003e294af38 | Triage

Submit
Reports

Overview

overview

Static

static

WINDOW-DEF...te.exe

windows7_x64

WINDOW-DEF...te.exe

windows10-2004_x64

Sharing

General

Target

36a301b3b91f34a31803fcf6954a083196d1d2d59a21a532f43ca003e294af38
Size

242KB
Sample

220521-b6nm8adag7
MD5

2065819d2482bcac4b2c20ddeaa55836
SHA1

153b5b4800216d805ef488fbc2e1ba8dc46ac8b6
SHA256

36a301b3b91f34a31803fcf6954a083196d1d2d59a21a532f43ca003e294af38
SHA512

b61baf598dc9c1f1da191af0732c2271b1e34949808b32da90697d146110e87a8923c0353ee3cc6c8343ecb031e60d26e94ba0471364ada922f76e5b6a6ef844

Score

10^/10

matiex collection keylogger spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

WINDOW-DEFENDER_update.exe

Resource

win7-20220414-en

matiex collection keylogger spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

WINDOW-DEFENDER_update.exe

Resource

win10v2004-20220414-en

matiex collection keylogger spyware stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

matiex

C2

https://api.telegram.org/bot1216271892:AAEn1Tw6TUedDgDlack_UbEaK5yRAySruSY/sendMessage?chat_id=1318177442

Targets

- Target
  
  WINDOW-DEFENDER_update.exe
- Size
  
  297KB
- MD5
  
  442f5757df84d4f7f7fb1d7ea822feb9
- SHA1
  
  8ea3a6ef71a980a5c530d3d20b875e795dbdda73
- SHA256
  
  f1932e7fd5027c22bcc2f2796a2916d3089e70863ccf8c9ca40af01cdf34206f
- SHA512
  
  3e64ebf4fcff483a90f411eb9a49179f859f9fc9bcb64f63f753777bd62c9e2383a6ad949f4baa479087f7970e02c0218ef09bdf1b0c6ba67b58f8b2a72bc026
Score

10^/10

matiex collection keylogger spyware stealer
- Matiex
  Matiex is a keylogger and infostealer first seen in July 2020.
  stealer keylogger matiex
- Matiex Main Payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

matiexcollectionkeyloggerspywarestealer

behavioral2

matiexcollectionkeyloggerspywarestealer

© 2018-2024

Terms | Privacy