matiex

General

Target

0b52424adb115b1336d084cf0cfbb73e_JaffaCakes118
Size

715KB
Sample

240501-hql8sace77
MD5

0b52424adb115b1336d084cf0cfbb73e
SHA1

084e85f67c1743bc12a6bdea960a3fd34025cf51
SHA256

0ed96cf4589be7b6b9b9562a165f4587ecf61e70a4958fb524f75c8b7c0b3fc9
SHA512

4e162fdb73d382a85959c613cce961424e50e1b524b36ce82bfb44cd4f0f00ae547f84ab52201c9fa88d9f70e1a36c81635808895d8b7e1ab7d47f6ab1cca95c
SSDEEP

12288:RDhxrUNCKpoxLfz7SzJHtODOWFg3W/jwG4cxxPtUU+GwGp:xWCcoxjqJHt0Hg3ijwJ4z+Sp

Score

10^/10

Malware Config

Extracted

Family

matiex

C2

https://api.telegram.org/bot1327331385:AAFaAF38_aAo1cyYYTIEnuc9sIJxwBlO_i4/sendMessage?chat_id=1055082792

Targets

- Target
  
  0b52424adb115b1336d084cf0cfbb73e_JaffaCakes118
- Size
  
  715KB
- MD5
  
  0b52424adb115b1336d084cf0cfbb73e
- SHA1
  
  084e85f67c1743bc12a6bdea960a3fd34025cf51
- SHA256
  
  0ed96cf4589be7b6b9b9562a165f4587ecf61e70a4958fb524f75c8b7c0b3fc9
- SHA512
  
  4e162fdb73d382a85959c613cce961424e50e1b524b36ce82bfb44cd4f0f00ae547f84ab52201c9fa88d9f70e1a36c81635808895d8b7e1ab7d47f6ab1cca95c
- SSDEEP
  
  12288:RDhxrUNCKpoxLfz7SzJHtODOWFg3W/jwG4cxxPtUU+GwGp:xWCcoxjqJHt0Hg3ijwJ4z+Sp
Score

10^/10

matiex collection keylogger spyware stealer
- Matiex
  Matiex is a keylogger and infostealer first seen in July 2020.
  stealer keylogger matiex
- Matiex Main payload
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

2

T1552

Credentials In Files

2

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Matiex Main payload

Reads data files stored by FTP clients

Reads user/profile data of web browsers

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2