matiex | 0d299a6d58a64c85f7ecad8788c760a802dac518532447381f4fd1ad2f422068 | Triage

Submit
Reports

Overview

overview

Static

static

3

28a9b97d2f...05.exe

windows7-x64

28a9b97d2f...05.exe

windows10-2004-x64

Sharing

General

Target

28a9b97d2fe877db717765b1370bf505
Size

791KB
Sample

231231-fck3fsgcc2
MD5

28a9b97d2fe877db717765b1370bf505
SHA1

b3381f7e44a4449332b602c5d4a40656575e3305
SHA256

0d299a6d58a64c85f7ecad8788c760a802dac518532447381f4fd1ad2f422068
SHA512

b779ccac3a3c2b7094ff114e83e60bc07c0c0e29b720952cc704baf44599a7436999c39ac1d73f6b29ea98bd1e897fe879c27ecfe3ac5758ba3c9f931266416f
SSDEEP

12288:GEok+AOmFJbSBKiO6U8amEtwyaHgT7CTgVbPfOvWmJqXw12ZuH1th1Vul19KAzeZ:kEigvKIo0K

Score

10^/10

matiex zgrat keylogger rat stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

28a9b97d2fe877db717765b1370bf505.exe

Resource

win7-20231215-en

matiex zgrat keylogger rat stealer

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

28a9b97d2fe877db717765b1370bf505.exe

Resource

win10v2004-20231215-en

matiex zgrat keylogger rat stealer

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

matiex

C2

https://api.telegram.org/bot1395392888:AAFrJovDdZICOFB0gX0eGWrAUzEKCRpv8xo/sendMessage?chat_id=1300181783

Targets

- Target
  
  28a9b97d2fe877db717765b1370bf505
- Size
  
  791KB
- MD5
  
  28a9b97d2fe877db717765b1370bf505
- SHA1
  
  b3381f7e44a4449332b602c5d4a40656575e3305
- SHA256
  
  0d299a6d58a64c85f7ecad8788c760a802dac518532447381f4fd1ad2f422068
- SHA512
  
  b779ccac3a3c2b7094ff114e83e60bc07c0c0e29b720952cc704baf44599a7436999c39ac1d73f6b29ea98bd1e897fe879c27ecfe3ac5758ba3c9f931266416f
- SSDEEP
  
  12288:GEok+AOmFJbSBKiO6U8amEtwyaHgT7CTgVbPfOvWmJqXw12ZuH1th1Vul19KAzeZ:kEigvKIo0K
Score

10^/10

matiex zgrat keylogger rat stealer
- Detect ZGRat V1
- Matiex
  Matiex is a keylogger and infostealer first seen in July 2020.
  stealer keylogger matiex
- Matiex Main payload
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

matiexzgratkeyloggerratstealer

behavioral2

matiexzgratkeyloggerratstealer

© 2018-2024

Terms | Privacy