Overview

overview

10

Static

static

0890800980900.exe

windows7_x64

10

0890800980900.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    45c76e73fe8180503517cee91c6690cff0f4c7c5dcf19e8b24f133c2420e495a

  • Size

    344KB

  • Sample

    220521-dlkf6sfhc9

  • MD5

    01b9ed6bd19a2648316cb79bba889fae

  • SHA1

    22459f2adfd45271922f740925bc2275a4418135

  • SHA256

    45c76e73fe8180503517cee91c6690cff0f4c7c5dcf19e8b24f133c2420e495a

  • SHA512

    55acef15b304884af5be2210d1e1d7181006c797f0de257fb467e7f7e9166de087746fec70b432f09fa91213321dab7ab001eba2fed0fb138488e82ce7696c44

Score
10/10
matiexkeyloggerstealer

Malware Config

Extracted

Family

matiex

Credentials

  • Protocol:     smtp
  • Host:
    srvc13.turhost.com
  • Port:
    587
  • Username:
    info@bilgitekdagitim.com
  • Password:
    italik2015

Targets

    • Target

      0890800980900.exe

    • Size

      428KB

    • MD5

      66236fab0fc34913339b1ab771e7e330

    • SHA1

      79904802f84156a4f20682f6b74b06a8aa5e3866

    • SHA256

      16f1c002141bcb30cb7d6c783ce866423aae4511342d80339ee931b1ed0f6a18

    • SHA512

      6e93facff68717f3facb8eeec7f9427936bfe5d70a77e552abddb48188cded00e8596d89ac65407dfba330882723e8d185710d4fad7bb2401fcfb7de4ebc8484

    Score
    10/10
    matiexkeyloggerstealer

    • Matiex

      Matiex is a keylogger and infostealer first seen in July 2020.

      stealerkeyloggermatiex

    • Matiex Main Payload

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks