General

  • Target: 12c3cd6afeb0da63f0ef22c0f430665a489d477876fb97f55fb4466badd21571
  • Size: 185KB
  • Sample: 220521-bjxydafaar
  • MD5: 80d95f54fb018493a44ecd0b767488ee
  • SHA1: ba21da1c9929d198428f1027e8977710260e876c
  • SHA256: 12c3cd6afeb0da63f0ef22c0f430665a489d477876fb97f55fb4466badd21571
  • SHA512: 2a711052ee0ab534006ba9ec32d45fb1634b87fbab663cbc6c7fd6908c4006590e3bb1d9bbcf8b931d6cbed761ce39bc39df18bf312bf8338e724e5e0745c349

Malware Config

Extracted

Family: matiex

Credentials

  • Protocol: smtp
  • Host: mail.metauxsud.com
  • Port: 587
  • Username: euro@metauxsud.com
  • Password: hushpuppy2020
  • Email To: dollar@metauxsud.com

Targets

    • Target: R980533211.exe
    • Size: 652KB
    • MD5: cea5d13da191b583af960af626f06c19
    • SHA1: a778bf24076a24e501a2f4db102cfdac413bb566
    • SHA256: cca5e12f1d9a4823e1188c7af7f66e51299fa975f0a4f40062808bc7c5fc4001
    • SHA512: 2c6fb4c9c0eb6f287bf7353f8d3f274c9b7f75656b4f6a4d021c3b3def7af8214d02f23d2db6b27bfe42b4f291ff2fb81ce748492fc3faebfebd5103c13bb9bc

    Signatures

    • Matiex
      Matiex is a keylogger and infostealer first seen in July 2020.
    • Matiex Main Payload
    • Accesses Microsoft Outlook profiles
    • Looks up external IP address via web service
      Uses a legitimate IP lookup service to find the infected system's external IP.
    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Collection
  • Email Collection (T1114): 1