matiex | e24d753b84d8ca4411b4157a300baea0e41cfdb04e6f0bb437b4273110f89d53 | Triage

Submit
Reports

Overview

overview

Static

static

007556d5a7...ff.exe

windows7-x64

1

007556d5a7...ff.exe

windows10-2004-x64

Sharing

General

Target

007556d5a71f6dd74f0b5a9778cf31ff.exe
Size

476KB
Sample

230112-sf7f3sgd46
MD5

007556d5a71f6dd74f0b5a9778cf31ff
SHA1

ada81ef2208703f22b1fe99f7342927bc9640dd6
SHA256

e24d753b84d8ca4411b4157a300baea0e41cfdb04e6f0bb437b4273110f89d53
SHA512

9cbe5768e5b9c86cc4b8ed7f55122747acbe828ac295831082e793eaa76ab6cf169602a7fa28355ebec6b8722d2abbec634c33d148c93f456fa5a13d317769d2
SSDEEP

12288:5js193PQAW630ZwDAiu/7mmtfOD6IybGr2XTd:5bL630ZhZz1tfYTyboM

Score

10^/10

matiex collection keylogger stealer

Static task

static1

Behavioral task

behavioral1

Sample

007556d5a71f6dd74f0b5a9778cf31ff.exe

Resource

win7-20221111-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral2

Sample

007556d5a71f6dd74f0b5a9778cf31ff.exe

Resource

win10v2004-20220812-en

matiex collection keylogger stealer

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

matiex

Credentials

Protocol: smtp
Host:
srvc13.turhost.com
Port:
587
Username:
info@bilgitekdagitim.com
Password:
italik2015

Targets

- Target
  
  007556d5a71f6dd74f0b5a9778cf31ff.exe
- Size
  
  476KB
- MD5
  
  007556d5a71f6dd74f0b5a9778cf31ff
- SHA1
  
  ada81ef2208703f22b1fe99f7342927bc9640dd6
- SHA256
  
  e24d753b84d8ca4411b4157a300baea0e41cfdb04e6f0bb437b4273110f89d53
- SHA512
  
  9cbe5768e5b9c86cc4b8ed7f55122747acbe828ac295831082e793eaa76ab6cf169602a7fa28355ebec6b8722d2abbec634c33d148c93f456fa5a13d317769d2
- SSDEEP
  
  12288:5js193PQAW630ZwDAiu/7mmtfOD6IybGr2XTd:5bL630ZhZz1tfYTyboM
Score

10^/10

matiex collection keylogger stealer
- Matiex
  Matiex is a keylogger and infostealer first seen in July 2020.
  stealer keylogger matiex
- Matiex Main payload
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

matiexcollectionkeyloggerstealer

© 2018-2024

Terms | Privacy