matiex | baff05977681e02ac5c004975c9033ede364ce7e18e660dc51a58917745057bb | Triage

Submit
Reports

Overview

overview

Static

static

Proforma Invoice.exe

windows7_x64

Proforma Invoice.exe

windows10-2004_x64

Sharing

General

Target

baff05977681e02ac5c004975c9033ede364ce7e18e660dc51a58917745057bb
Size

291KB
Sample

220521-nd8txagfeq
MD5

8bd8d8edec26d2d48e4335cc29e3d112
SHA1

9e01a547209c209019d5b3d5feab2bb3af9498b7
SHA256

baff05977681e02ac5c004975c9033ede364ce7e18e660dc51a58917745057bb
SHA512

37694d7495b530b0851a4274f4e8f3ee97d090052d4687faabc8ce48e9af9daaedc1a7a60993e48bde5f3aaf331d7a8097e6f141f57dac0d74aad3a9c7b8e094

Score

10^/10

matiex collection keylogger stealer

Static task

static1

Behavioral task

behavioral1

Sample

Proforma Invoice.exe

Resource

win7-20220414-en

matiex collection keylogger stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Proforma Invoice.exe

Resource

win10v2004-20220414-en

matiex collection keylogger stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

matiex

Credentials

Protocol: smtp
Host:
matrixyarn.com
Port:
587
Username:
[email protected]
Password:
12bala12

Targets

- Target
  
  Proforma Invoice.exe
- Size
  
  332KB
- MD5
  
  64ad519e93364e83854d0447c5dbbade
- SHA1
  
  76702fc45937a91c4b52f2174c22b827eed22f7c
- SHA256
  
  a0fb0bec2f23bac8669541f20dc961c96cc74028a0fe96b272d0aad470e67837
- SHA512
  
  359e7f95e1d056f01d1bca3761f0bf5ba123a6e9cb3e9bbb873dab771c81cfb60f6453727eb1efa039b51edc2d9c3edb948d7c6f0642f1ee7b10b40d0f250c8a
Score

10^/10

matiex collection keylogger stealer
- Matiex
  Matiex is a keylogger and infostealer first seen in July 2020.
  stealer keylogger matiex
- Matiex Main Payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

matiexcollectionkeyloggerstealer

behavioral2

matiexcollectionkeyloggerstealer

© 2018-2024

Terms | Privacy