Extracted

• • Target

    97671a2ff8c7f29b3ad0ab1e3d91f6c8.exe

  • Size

    624KB

  • MD5

    97671a2ff8c7f29b3ad0ab1e3d91f6c8

  • SHA1

    379f979aabf0e5ab11eba5a7d216e56ed2d31a95

  • SHA256

    4a879a46f6c35cd6b690a689a2cdc0dffb2acb9fac39ce2b7a5116607bc87753

  • SHA512

    6260247564a51b5734ce503fee1e832cb14b6013e497e0d65e92211d0eb3c7de644375d319c4c7e88b2e7bac358d5e793ed79bc10ea14e357457f155918270a7

  • SSDEEP

    12288:MSx9jlYDJjaLfZASHlz2bz1q5LEKtc6qn2yLxCTtJ5gKFqJq:P72bz1q5ttu2AET6KFqJq

  Score

  10^/10

  matiexcollectionkeyloggerspywarestealer

  • Matiex

    Matiex is a keylogger and infostealer first seen in July 2020.

    stealerkeyloggermatiex

  • Matiex Main payload

  • Drops startup file

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2