matiex | 4a879a46f6c35cd6b690a689a2cdc0dffb2acb9fac39ce2b7a5116607bc87753 | Triage

Submit
Reports

Overview

overview

Static

static

1

97671a2ff8...c8.exe

windows7-x64

97671a2ff8...c8.exe

windows10-2004-x64

Sharing

General

Target

97671a2ff8c7f29b3ad0ab1e3d91f6c8.exe
Size

624KB
Sample

230216-h94xyagb5x
MD5

97671a2ff8c7f29b3ad0ab1e3d91f6c8
SHA1

379f979aabf0e5ab11eba5a7d216e56ed2d31a95
SHA256

4a879a46f6c35cd6b690a689a2cdc0dffb2acb9fac39ce2b7a5116607bc87753
SHA512

6260247564a51b5734ce503fee1e832cb14b6013e497e0d65e92211d0eb3c7de644375d319c4c7e88b2e7bac358d5e793ed79bc10ea14e357457f155918270a7
SSDEEP

12288:MSx9jlYDJjaLfZASHlz2bz1q5LEKtc6qn2yLxCTtJ5gKFqJq:P72bz1q5ttu2AET6KFqJq

Score

10^/10

matiex collection keylogger spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

97671a2ff8c7f29b3ad0ab1e3d91f6c8.exe

Resource

win7-20220812-en

matiex collection keylogger spyware stealer

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

97671a2ff8c7f29b3ad0ab1e3d91f6c8.exe

Resource

win10v2004-20220812-en

matiex collection keylogger spyware stealer

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

matiex

C2

https://api.telegram.org/bot1277090811:AAHJ1mutkv0Wr1_9949BBcb3lR-DuRKH5RU/sendMessage?chat_id=1216524090

Targets

- Target
  
  97671a2ff8c7f29b3ad0ab1e3d91f6c8.exe
- Size
  
  624KB
- MD5
  
  97671a2ff8c7f29b3ad0ab1e3d91f6c8
- SHA1
  
  379f979aabf0e5ab11eba5a7d216e56ed2d31a95
- SHA256
  
  4a879a46f6c35cd6b690a689a2cdc0dffb2acb9fac39ce2b7a5116607bc87753
- SHA512
  
  6260247564a51b5734ce503fee1e832cb14b6013e497e0d65e92211d0eb3c7de644375d319c4c7e88b2e7bac358d5e793ed79bc10ea14e357457f155918270a7
- SSDEEP
  
  12288:MSx9jlYDJjaLfZASHlz2bz1q5LEKtc6qn2yLxCTtJ5gKFqJq:P72bz1q5ttu2AET6KFqJq
Score

10^/10

matiex collection keylogger spyware stealer
- Matiex
  Matiex is a keylogger and infostealer first seen in July 2020.
  stealer keylogger matiex
- Matiex Main payload
- Drops startup file
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

matiexcollectionkeyloggerspywarestealer

behavioral2

matiexcollectionkeyloggerspywarestealer

© 2018-2024

Terms | Privacy