Overview

overview

10

Static

static

3

8988b694b9...75.exe

windows7-x64

10

8988b694b9...75.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    8988b694b9df9186d686b9479984c675

  • Size

    908KB

  • Sample

    240202-pv6xbagbdm

  • MD5

    8988b694b9df9186d686b9479984c675

  • SHA1

    d54c8e34344c3b86cc883c2ffa89d020c0911755

  • SHA256

    0e9b75e527544aa8db9880eb423b73f0edfb79995be585eb2d69c735068d082e

  • SHA512

    72352807711c2a1799920fdc934ab3aaa1730b718447c8c70fefebb3c7243941feeb9c05f2eced48358ca114df789e97ad3be160b766e773312535de27d6e4c6

  • SSDEEP

    12288:Y7KAD7WCSbo4N2So9pGwINUbKbSZTlWxYGNhCJh7EW58M8zOGcbq1TT6ygvhNwEc:eK+Ms9fAkvhS+c9

Score
10/10
matiexzgratcollectionkeyloggerratspywarestealer

Malware Config

Extracted

Family

matiex

C2

https://api.telegram.org/bot1395392888:AAFrJovDdZICOFB0gX0eGWrAUzEKCRpv8xo/sendMessage?chat_id=1300181783

Targets

    • Target

      8988b694b9df9186d686b9479984c675

    • Size

      908KB

    • MD5

      8988b694b9df9186d686b9479984c675

    • SHA1

      d54c8e34344c3b86cc883c2ffa89d020c0911755

    • SHA256

      0e9b75e527544aa8db9880eb423b73f0edfb79995be585eb2d69c735068d082e

    • SHA512

      72352807711c2a1799920fdc934ab3aaa1730b718447c8c70fefebb3c7243941feeb9c05f2eced48358ca114df789e97ad3be160b766e773312535de27d6e4c6

    • SSDEEP

      12288:Y7KAD7WCSbo4N2So9pGwINUbKbSZTlWxYGNhCJh7EW58M8zOGcbq1TT6ygvhNwEc:eK+Ms9fAkvhS+c9

    Score
    10/10
    matiexzgratkeyloggerratstealercollectionspyware

    • Detect ZGRat V1

    • Matiex

      Matiex is a keylogger and infostealer first seen in July 2020.

      stealerkeyloggermatiex

    • Matiex Main payload

    • ZGRat

      ZGRat is remote access trojan written in C#.

      ratzgrat

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

2
T1552

Credentials In Files

2
T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

2
T1005

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks