Overview

overview

10

Static

static

3

8988b694b9...75.exe

windows7-x64

10

8988b694b9...75.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    118s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    02-02-2024 12:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8988b694b9df9186d686b9479984c675.exe

  • Size

    908KB

  • MD5

    8988b694b9df9186d686b9479984c675

  • SHA1

    d54c8e34344c3b86cc883c2ffa89d020c0911755

  • SHA256

    0e9b75e527544aa8db9880eb423b73f0edfb79995be585eb2d69c735068d082e

  • SHA512

    72352807711c2a1799920fdc934ab3aaa1730b718447c8c70fefebb3c7243941feeb9c05f2eced48358ca114df789e97ad3be160b766e773312535de27d6e4c6

  • SSDEEP

    12288:Y7KAD7WCSbo4N2So9pGwINUbKbSZTlWxYGNhCJh7EW58M8zOGcbq1TT6ygvhNwEc:eK+Ms9fAkvhS+c9

Score
10/10
matiexzgratkeyloggerratstealer

Malware Config

Extracted

Family

matiex

C2

https://api.telegram.org/bot1395392888:AAFrJovDdZICOFB0gX0eGWrAUzEKCRpv8xo/sendMessage?chat_id=1300181783

Signatures

  • Detect ZGRat V1 1 IoCs
  • Matiex

    Matiex is a keylogger and infostealer first seen in July 2020.

    stealerkeyloggermatiex
  • Matiex Main payload 7 IoCs
  • ZGRat

    ZGRat is remote access trojan written in C#.

    ratzgrat
  • Looks up external IP address via web service 3 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8988b694b9df9186d686b9479984c675.exe
    "C:\Users\Admin\AppData\Local\Temp\8988b694b9df9186d686b9479984c675.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:1216
    • C:\Users\Admin\AppData\Local\Temp\8988b694b9df9186d686b9479984c675.exe
      "C:\Users\Admin\AppData\Local\Temp\8988b694b9df9186d686b9479984c675.exe"
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:2756

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1216-1-0x00000000747A0000-0x0000000074E8E000-memory.dmp
    Filesize

    6.9MB

    Download
  • memory/1216-0-0x0000000001190000-0x000000000127A000-memory.dmp
    Filesize

    936KB

    Download
  • memory/1216-2-0x0000000004DF0000-0x0000000004E30000-memory.dmp
    Filesize

    256KB

    Download
  • memory/1216-3-0x0000000000520000-0x0000000000586000-memory.dmp
    Filesize

    408KB

    Download
  • memory/1216-4-0x0000000000490000-0x00000000004A6000-memory.dmp
    Filesize

    88KB

    Download
  • memory/1216-18-0x00000000747A0000-0x0000000074E8E000-memory.dmp
    Filesize

    6.9MB

    Download
  • memory/2756-10-0x0000000000400000-0x0000000000476000-memory.dmp
    Filesize

    472KB

    Download
  • memory/2756-9-0x0000000000400000-0x0000000000476000-memory.dmp
    Filesize

    472KB

    Download
  • memory/2756-7-0x0000000000400000-0x0000000000476000-memory.dmp
    Filesize

    472KB

    Download
  • memory/2756-11-0x000000007EFDE000-0x000000007EFDF000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2756-13-0x0000000000400000-0x0000000000476000-memory.dmp
    Filesize

    472KB

    Download
  • memory/2756-15-0x0000000000400000-0x0000000000476000-memory.dmp
    Filesize

    472KB

    Download
  • memory/2756-17-0x0000000000400000-0x0000000000476000-memory.dmp
    Filesize

    472KB

    Download
  • memory/2756-5-0x0000000000400000-0x0000000000476000-memory.dmp
    Filesize

    472KB

    Download
  • memory/2756-19-0x00000000747A0000-0x0000000074E8E000-memory.dmp
    Filesize

    6.9MB

    Download
  • memory/2756-20-0x0000000004FC0000-0x0000000005000000-memory.dmp
    Filesize

    256KB

    Download
  • memory/2756-21-0x00000000747A0000-0x0000000074E8E000-memory.dmp
    Filesize

    6.9MB

    Download
  • memory/2756-22-0x0000000004FC0000-0x0000000005000000-memory.dmp
    Filesize

    256KB

    Download
  • memory/2756-23-0x00000000747A0000-0x0000000074E8E000-memory.dmp
    Filesize

    6.9MB

    Download