matiex | 21e5e0c004b3cba4cfbfdd135abcab0beeea6159ce5884d19406945ce38e9670 | Triage

Submit
Reports

Overview

overview

Static

static

b9713bbd42...6c.exe

windows7-x64

b9713bbd42...6c.exe

windows10-2004-x64

Sharing

General

Target

4622942793ebac6a734337176a346809.bin
Size

551KB
Sample

230120-qmnansah74
MD5

88032140ce37ea1fbda578fd0b32896e
SHA1

2fdf24c3e4d792467ccac54887efae460531b0a4
SHA256

21e5e0c004b3cba4cfbfdd135abcab0beeea6159ce5884d19406945ce38e9670
SHA512

f6c536f67a0cf543a0e7597f544863a12253fea2ee633d33c7419c0c7643c119115909f772192b42482b4bbf566d5412d08821b5cd769e2148472a66fe3bde4a
SSDEEP

12288:PpW9NTh/ae616GyLhbF4WcSdcjxVfhA3vGY9wRhK8iZDWKintbGlr:BW9NP61dOj4WnKvfkuiwRhK8o2Or

Score

10^/10

matiex collection keylogger spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

b9713bbd42cc46a3c53e391a5e0925968b5b335205a02866fb4edeb2b337226c.exe

Resource

win7-20220812-en

matiex collection keylogger spyware stealer

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

b9713bbd42cc46a3c53e391a5e0925968b5b335205a02866fb4edeb2b337226c.exe

Resource

win10v2004-20221111-en

matiex collection keylogger spyware stealer

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

matiex

Credentials

Protocol: smtp
Host:
us2.smtp.mailhostbox.com
Port:
587
Username:
wise101@bajajindai.net
Password:
ze5qw@iC?1E}

Targets

- Target
  
  b9713bbd42cc46a3c53e391a5e0925968b5b335205a02866fb4edeb2b337226c.exe
- Size
  
  608KB
- MD5
  
  4622942793ebac6a734337176a346809
- SHA1
  
  5c7c0cceb1d1ecdd052e29a9e6a46e4ea3cfb282
- SHA256
  
  b9713bbd42cc46a3c53e391a5e0925968b5b335205a02866fb4edeb2b337226c
- SHA512
  
  a7164f6a8b9d555efd12bebb3801834c539c73090fdc0cfc436c4b0a53a324169af9b8ba21bb7e2b81698e14ea92da5d0fe477563a323ebeaced40a1870392a6
- SSDEEP
  
  12288:YqoOQ5sHbNuZpA/uOr3YZnQlRZDynctXm2sThT6ycNYn:X1Q4oZpA2Or3YuyctW2K6Fm
Score

10^/10

matiex collection keylogger spyware stealer
- Matiex
  Matiex is a keylogger and infostealer first seen in July 2020.
  stealer keylogger matiex
- Matiex Main payload
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

matiexcollectionkeyloggerspywarestealer

behavioral2

matiexcollectionkeyloggerspywarestealer

© 2018-2024

Terms | Privacy