matiex | 2ff18076fa2fa3a34858fe3b080953dca64785744697b3466f55e7bbbcf9a689 | Triage

Submit
Reports

Overview

overview

Static

static

Quotation ...39.exe

windows7_x64

Quotation ...39.exe

windows10-2004_x64

Sharing

General

Target

2ff18076fa2fa3a34858fe3b080953dca64785744697b3466f55e7bbbcf9a689
Size

336KB
Sample

220521-bbxmmsefgp
MD5

19b508c429abba1b8bb711864834801f
SHA1

0f7786add8352321ec41de7501922a6e955cd310
SHA256

2ff18076fa2fa3a34858fe3b080953dca64785744697b3466f55e7bbbcf9a689
SHA512

c76ec0b839fbdeed8a1fb143cbf07175ab342f3a959396edd7a35eb7032d9092952720aad29bff4dc40d68bfe4856fe4989d4aa099bff72f6bd031f3ba41e309

Score

10^/10

matiex evasion keylogger stealer

Static task

static1

Behavioral task

behavioral1

Sample

Quotation #257&439.exe

Resource

win7-20220414-en

matiex evasion keylogger stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Quotation #257&439.exe

Resource

win10v2004-20220414-en

matiex evasion keylogger stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

matiex

Credentials

Protocol: smtp
Host:
smtp.yandex.com
Port:
587
Username:
beatexploit@yandex.com
Password:
welcome@100

Targets

- Target
  
  Quotation #257&439.exe
- Size
  
  376KB
- MD5
  
  0ada92dbaeebf340360ac5b3dcf9a459
- SHA1
  
  6c70fc7a6e3d08f39b5393341290658e8cbba591
- SHA256
  
  302ef66c9868c12a36517bd2ee12254442b7504d17afdeabdc9264954e19a952
- SHA512
  
  393fec311d35289126b268b64a249b07885bfa5eacc6d0db58a2e712b09a8b2b9262bba8435f60d460ecf4dde2ab345db5d514e9bb9d95ade30c439428c5ab4d
Score

10^/10

matiex evasion keylogger stealer
- Matiex
  Matiex is a keylogger and infostealer first seen in July 2020.
  stealer keylogger matiex
- Matiex Main Payload
- Looks for VirtualBox Guest Additions in registry
  evasion
- Looks for VMWare Tools registry key
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

matiexevasionkeyloggerstealer

behavioral2

matiexevasionkeyloggerstealer

© 2018-2024

Terms | Privacy