matiex | c1d52a5d83b3f1660b9ecdb1ad26fb3b7edc7f02bcec4dd320e237a62c433d07 | Triage

Submit
Reports

Overview

overview

Static

static

3

JHW09000900.exe

windows7-x64

1

JHW09000900.exe

windows10-2004-x64

Sharing

General

Target

eb76556f2396211e863c94f8fa682276_JaffaCakes118
Size

448KB
Sample

240410-tn4wlagg3y
MD5

eb76556f2396211e863c94f8fa682276
SHA1

c9e7d5425c979cb0db29a8aee6444d37b35a8b24
SHA256

c1d52a5d83b3f1660b9ecdb1ad26fb3b7edc7f02bcec4dd320e237a62c433d07
SHA512

a8d9fe839201d166b3bfac8e536aefa61757493dad812172c2488ff942e52d66f126979c7ddd8f4ba7961fe2a72e36993eed17fd686680ab53b99a23e5f67d50
SSDEEP

12288:nyRIUzLUq3Epa/CBSbrvVMAGLFam+SHc6sPEs+r:TUzv3pgSndMAqF/Lc6sPEL

Score

10^/10

matiex collection keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

JHW09000900.exe

Resource

win7-20240221-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral2

Sample

JHW09000900.exe

Resource

win10v2004-20240226-en

matiex collection keylogger stealer

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

matiex

C2

https://api.telegram.org/bot1395392888:AAFrJovDdZICOFB0gX0eGWrAUzEKCRpv8xo/sendMessage?chat_id=1300181783

Targets

- Target
  
  JHW09000900.exe
- Size
  
  656KB
- MD5
  
  54dc35ab78394f31963d2f0bd30a6b7b
- SHA1
  
  4904138a54baf5cb440933e502ff6e8cb6b00829
- SHA256
  
  ec45a354ba2c7cba3c064325f968d62cdb3999122b76080dd145cc49f13bf7e7
- SHA512
  
  c54d2abf270dd31eb9e3bf44762803f3d1e4d41a6ea43fd37003a64983fddbac5545a5dafe15b3224aadb7f25037c8dc8818480210a30ef6ed69fef326895d7b
- SSDEEP
  
  12288:lrf0P3HD5Y2fxOZAcLlQuhntyyFgF1/OV0b4R7wZSEleGxCRfdbBKqS/XWsHFsdn:2P3H1Y2f4HLVnILvOV0b4R7ASEleGmft
Score

10^/10

matiex collection keylogger stealer
- Matiex
  Matiex is a keylogger and infostealer first seen in July 2020.
  stealer keylogger matiex
- Matiex Main payload
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

matiexcollectionkeyloggerstealer

© 2018-2025

Terms | Privacy