matiex | 67355213a21949a6abc12f65fb4f96f6c9ca82d60dac379984ce374b0e00ce26 | Triage

Submit
Reports

Overview

overview

Static

static

Payment receipt.exe

windows7_x64

Payment receipt.exe

windows10-2004_x64

Sharing

General

Target

67355213a21949a6abc12f65fb4f96f6c9ca82d60dac379984ce374b0e00ce26
Size

107KB
Sample

220521-mjazdsfabj
MD5

663c6faedef6d2cb4b4b189789ac16ba
SHA1

84770b9d0df19f22603c3ec3ee1f207596d3bd2c
SHA256

67355213a21949a6abc12f65fb4f96f6c9ca82d60dac379984ce374b0e00ce26
SHA512

4997684fe03af046b9ad1d1af0b14890a44ffeeca13b79dc532f184dd64bc8a5001f5efa5afa1091652042f3c96015da1d26ef877077173ae01f14662a498283

Score

10^/10

matiex collection keylogger persistence spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

Payment receipt.exe

Resource

win7-20220414-en

matiex collection keylogger persistence spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Payment receipt.exe

Resource

win10v2004-20220414-en

matiex collection keylogger persistence spyware stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  Payment receipt.exe
- Size
  
  128KB
- MD5
  
  497856229ec8ae87bda86469bf72ef64
- SHA1
  
  844329ce2db6a3a6929719f27766474f77c7d047
- SHA256
  
  b8888ca416fcb0b2fa48e131a3fbadf177ed9f26528d620ff1df804f17ea8c64
- SHA512
  
  6cadd85b8a3cdb42b202ff45d198b1ef7b73d1ba4a3d612066be3ee95999d49d46b699f6d073bb143cdd8b3f4d89144c3528b3ad7f788f74abeed846945e932f
Score

10^/10

matiex collection keylogger persistence spyware stealer
- Matiex
  Matiex is a keylogger and infostealer first seen in July 2020.
  stealer keylogger matiex
- Matiex Main Payload
- Modifies WinLogon for persistence
  persistence
- Drops startup file
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

matiexcollectionkeyloggerpersistencespywarestealer

behavioral2

matiexcollectionkeyloggerpersistencespywarestealer

© 2018-2024

Terms | Privacy