General

  • Target

    0b2da1d6b98306bf204f7c061976afe3d460af1da864c104bb1b6f9d0997fddb

  • Size

    182KB

  • Sample

    220521-nx65eshden

  • MD5

    51160c0247a5df44b36938610c2574ce

  • SHA1

    034c9a7f595b9206c7700cc01f91339c0f63f500

  • SHA256

    0b2da1d6b98306bf204f7c061976afe3d460af1da864c104bb1b6f9d0997fddb

  • SHA512

    a45741335d8bcb58316824eba0171b31026f3f0f98a3f1fb8484ff9d1c165aaa54577dac499e7057a713de3a937b3999d3257f2566be715460e956cba76e9c17

Malware Config

Extracted

  • Family:
    matiex

Credentials

  • Protocol:
    smtp
  • Host:
    mail.metauxsud.com
  • Port:
    587
  • Username:
    euro@metauxsud.com
  • Password:
    hushpuppy2020
  • Email To:
    dollar@metauxsud.com

Targets

  • Target

    R010982210.exe

  • Size

    534KB

  • MD5

    76954c7b00750983a2dc26ecd1dce1b7

  • SHA1

    9b783fe07d49991ec118d072621be2c42f9d8796

  • SHA256

    c4b558efd2baee3e3b2e39a7b88da203d870857a8331b403b003643ab066b930

  • SHA512

    fb04fad2d8466ee5c7e3e41588ca6915f05aba759c20aa802dc796ddba46b13db729abf7200a61bc5cca0ec2e97dde695f07653512d8fac797f2ee481a273266

  • Matiex

    Matiex is a keylogger and infostealer first seen in July 2020.

  • Matiex Main Payload

  • Accesses Microsoft Outlook profiles

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

  • Collection

    Email Collection (T1114): 1

Tasks