Overview

overview

10

Static

static

3

e3419829c4...18.exe

windows7-x64

1

e3419829c4...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e3419829c4e6f448ed4b26fe35ae6ce9_JaffaCakes118

  • Size

    928KB

  • Sample

    240406-zm6xfsaf3z

  • MD5

    e3419829c4e6f448ed4b26fe35ae6ce9

  • SHA1

    902805b919c3e1f078eeb607889a01a75b29b49a

  • SHA256

    d77b5185cb9ee6f14b0dfffc147aca637fff8764c100d70090493b8f9851731f

  • SHA512

    2ab6eeafb3e694aba8100df44bcf0b18736fd5aab90d495cbf5646bfbd0db6715cb4a5e3692200992594a40ef83076045cc37d676c12dbbfd1e57258aa6b7feb

  • SSDEEP

    12288:h1Wl8T5NM63xjmeRfdoZBgAWF2p3OGdUMXysKA/zXQ:hA27dxIgBF0OGdUkysLzXQ

Score
10/10
matiexcollectionkeyloggerstealer

Malware Config

Extracted

Family

matiex

C2

https://api.telegram.org/bot1395392888:AAFrJovDdZICOFB0gX0eGWrAUzEKCRpv8xo/sendMessage?chat_id=1300181783

Targets

    • Target

      e3419829c4e6f448ed4b26fe35ae6ce9_JaffaCakes118

    • Size

      928KB

    • MD5

      e3419829c4e6f448ed4b26fe35ae6ce9

    • SHA1

      902805b919c3e1f078eeb607889a01a75b29b49a

    • SHA256

      d77b5185cb9ee6f14b0dfffc147aca637fff8764c100d70090493b8f9851731f

    • SHA512

      2ab6eeafb3e694aba8100df44bcf0b18736fd5aab90d495cbf5646bfbd0db6715cb4a5e3692200992594a40ef83076045cc37d676c12dbbfd1e57258aa6b7feb

    • SSDEEP

      12288:h1Wl8T5NM63xjmeRfdoZBgAWF2p3OGdUMXysKA/zXQ:hA27dxIgBF0OGdUkysLzXQ

    Score
    10/10
    matiexcollectionkeyloggerstealer

    • Matiex

      Matiex is a keylogger and infostealer first seen in July 2020.

      stealerkeyloggermatiex

    • Matiex Main payload

    • Accesses Microsoft Outlook profiles

      collection

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Tasks