matiex

General

Target

ac52db0c62fac74e6708635ac3db5f46_JaffaCakes118
Size

343KB
Sample

240404-b81qkabg34
MD5

ac52db0c62fac74e6708635ac3db5f46
SHA1

0f35104cb6938b60cabbaf6257975792d5399024
SHA256

cd4d29b138b75a9d1a10fa7d724168ae155ef7779d97c042e8014b9ae6f93087
SHA512

95953124e75a38ed27ad6e60cbe0f9e952d5d367237784a3c0b47ed7d5fa30846f61a575458e3880b8f0539924cfd029983aa46a137db5ff5152e82140df7925
SSDEEP

6144:b8LxBBXsxzzxq3YgkqzS7M3TJcEghkLd199Tx5KN/Dv+JffuK1IDBgdugb:ysRzxq3wqzSmTJ9L5KNCfWK1cBxgb

Score

10^/10

Malware Config

Extracted

Family

matiex

C2

https://api.telegram.org/bot1395392888:AAFrJovDdZICOFB0gX0eGWrAUzEKCRpv8xo/sendMessage?chat_id=1300181783

Targets

- Target
  
  ac52db0c62fac74e6708635ac3db5f46_JaffaCakes118
- Size
  
  343KB
- MD5
  
  ac52db0c62fac74e6708635ac3db5f46
- SHA1
  
  0f35104cb6938b60cabbaf6257975792d5399024
- SHA256
  
  cd4d29b138b75a9d1a10fa7d724168ae155ef7779d97c042e8014b9ae6f93087
- SHA512
  
  95953124e75a38ed27ad6e60cbe0f9e952d5d367237784a3c0b47ed7d5fa30846f61a575458e3880b8f0539924cfd029983aa46a137db5ff5152e82140df7925
- SSDEEP
  
  6144:b8LxBBXsxzzxq3YgkqzS7M3TJcEghkLd199Tx5KN/Dv+JffuK1IDBgdugb:ysRzxq3wqzSmTJ9L5KNCfWK1cBxgb
Score

10^/10

matiex collection keylogger spyware stealer
- Matiex
  Matiex is a keylogger and infostealer first seen in July 2020.
  stealer keylogger matiex
- Matiex Main payload
- Loads dropped DLL
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/lqwipxz.dll
- Size
  
  17KB
- MD5
  
  148e2440033d4c9c35f68f4072ba5d1e
- SHA1
  
  480b6d0a378fa7e785e79de7e0f757dd7e8124e3
- SHA256
  
  47094fa8accf250c8df2021a0180140be6f1091415d44e9927e5ed6ba6c60bb4
- SHA512
  
  1a272ef57ad29b3481a1f18530168d1af7cc6a20bef32249412e0eadcc7dbd306157c3b8fca971ac21bde9cf7229370124cce29038bd3cc1ef93a03008c0367d
- SSDEEP
  
  384:mD4wra/y5RdIX0lcjIbqjC+/6ztBp9+JTjL:K4wrNp60lC8+C+/OpuTj
Score

10^/10

matiex collection keylogger spyware stealer
- Matiex
  Matiex is a keylogger and infostealer first seen in July 2020.
  stealer keylogger matiex
- Matiex Main payload
- Blocklisted process makes network request
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

2

T1552

Credentials In Files

2

T1552.001

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Matiex Main payload

Loads dropped DLL

Reads data files stored by FTP clients

Reads user/profile data of web browsers

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

Suspicious use of SetThreadContext

Matiex

Matiex Main payload

Blocklisted process makes network request

Reads data files stored by FTP clients

Reads user/profile data of web browsers

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4