matiex | f6d1fef78457a6ba54a7935e9b709c97f73a8f65e82e0a69e84942aac6f5c5cb | Triage

Submit
Reports

Overview

overview

Static

static

3

45c94cdf9e...18.exe

windows7-x64

45c94cdf9e...18.exe

windows10-2004-x64

Sharing

General

Target

45c94cdf9e3047f2b6285847c54c8016_JaffaCakes118
Size

1.1MB
Sample

240714-phmmxazdqk
MD5

45c94cdf9e3047f2b6285847c54c8016
SHA1

41043b93ab918961cdf54d28b312f6daa48876bd
SHA256

f6d1fef78457a6ba54a7935e9b709c97f73a8f65e82e0a69e84942aac6f5c5cb
SHA512

5cf219f642be5e1b20a51446de0ad892d7a5f3c4a0a69e977231ae182db6be16cf4c9bbea5d431df5cf7a23279e8b218af9b63397cb787ccd9445356e7466b1d
SSDEEP

12288:TWDag5UEjqfu19dtRyXbsK3oNWAiai/XpfVM7mypq6OBtqKuCwaBuomAGd+mVK9j:R2dda2kai/XvCmp6OBtq9ZaRdH

Score

10^/10

matiex collection keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

45c94cdf9e3047f2b6285847c54c8016_JaffaCakes118.exe

Resource

win7-20240705-en

matiex collection keylogger stealer

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

45c94cdf9e3047f2b6285847c54c8016_JaffaCakes118.exe

Resource

win10v2004-20240709-en

matiex collection keylogger stealer

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

matiex

Credentials

Protocol: smtp
Host:
mail.cleo2solutions.com.au
Port:
25
Username:
[email protected]
Password:
Enter@123

Targets

- Target
  
  45c94cdf9e3047f2b6285847c54c8016_JaffaCakes118
- Size
  
  1.1MB
- MD5
  
  45c94cdf9e3047f2b6285847c54c8016
- SHA1
  
  41043b93ab918961cdf54d28b312f6daa48876bd
- SHA256
  
  f6d1fef78457a6ba54a7935e9b709c97f73a8f65e82e0a69e84942aac6f5c5cb
- SHA512
  
  5cf219f642be5e1b20a51446de0ad892d7a5f3c4a0a69e977231ae182db6be16cf4c9bbea5d431df5cf7a23279e8b218af9b63397cb787ccd9445356e7466b1d
- SSDEEP
  
  12288:TWDag5UEjqfu19dtRyXbsK3oNWAiai/XpfVM7mypq6OBtqKuCwaBuomAGd+mVK9j:R2dda2kai/XvCmp6OBtq9ZaRdH
Score

10^/10

matiex collection keylogger stealer
- Matiex
  Matiex is a keylogger and infostealer first seen in July 2020.
  stealer keylogger matiex
- Matiex Main payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

matiexcollectionkeyloggerstealer

behavioral2

matiexcollectionkeyloggerstealer

© 2018-2024

Terms | Privacy