matiex

General

Target

e4855192334bc3427b7634abcbdc4659_JaffaCakes118
Size

818KB
Sample

240407-klg5dahe96
MD5

e4855192334bc3427b7634abcbdc4659
SHA1

6c47e470fc2ea6844e3bb16700c14c86133d5779
SHA256

17680c1b0efe77b4939fc8103d8c1b3a0245a99ed8c96fcd3903794179d23ee9
SHA512

16ed44c3b4ca11bc896bb839f7a7f293edc42aa2d86b6ed7c12f99eb7ced3816076db1d6930e2da1a38766913bea177d5670ad6894af655b8824915d29d79ae1
SSDEEP

12288:1n4JT4xi7lQBwpdOBbLeKTmrn+xr4onY4VTIAThKdxSqvcgAJ5Zrnvr91yyfFNT2:14SDF1fjePcDLv1S

Score

10^/10

Malware Config

Extracted

Family

matiex

C2

https://api.telegram.org/bot1395392888:AAFrJovDdZICOFB0gX0eGWrAUzEKCRpv8xo/sendMessage?chat_id=1300181783

Targets

- Target
  
  e4855192334bc3427b7634abcbdc4659_JaffaCakes118
- Size
  
  818KB
- MD5
  
  e4855192334bc3427b7634abcbdc4659
- SHA1
  
  6c47e470fc2ea6844e3bb16700c14c86133d5779
- SHA256
  
  17680c1b0efe77b4939fc8103d8c1b3a0245a99ed8c96fcd3903794179d23ee9
- SHA512
  
  16ed44c3b4ca11bc896bb839f7a7f293edc42aa2d86b6ed7c12f99eb7ced3816076db1d6930e2da1a38766913bea177d5670ad6894af655b8824915d29d79ae1
- SSDEEP
  
  12288:1n4JT4xi7lQBwpdOBbLeKTmrn+xr4onY4VTIAThKdxSqvcgAJ5Zrnvr91yyfFNT2:14SDF1fjePcDLv1S
Score

10^/10

matiex zgrat keylogger rat stealer collection spyware
- Detect ZGRat V1
- Matiex
  Matiex is a keylogger and infostealer first seen in July 2020.
  stealer keylogger matiex
- Matiex Main payload
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

2

T1552

Credentials In Files

2

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Detect ZGRat V1

Matiex Main payload

ZGRat

Reads data files stored by FTP clients

Reads user/profile data of web browsers

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2