matiex | c38b853587846014052d5b2206e8764dac66f7de9479ec3080e1872938bd7ceb | Triage

Submit
Reports

Overview

overview

Static

static

3

4fa42a8beb...18.exe

windows7-x64

4fa42a8beb...18.exe

windows10-2004-x64

Sharing

General

Target

4fa42a8beb305337e28cede06ceefa62_JaffaCakes118
Size

669KB
Sample

240716-xryersydph
MD5

4fa42a8beb305337e28cede06ceefa62
SHA1

1ad401dc70385788123ae837eea020a9c1d9e9d9
SHA256

c38b853587846014052d5b2206e8764dac66f7de9479ec3080e1872938bd7ceb
SHA512

81dc56b84e3e95169de458d5842c50347455365388b96155aa25a7fea27dc756d20180265ee2b796b2d6ebc2d04d622a6fa9259877f371e956e1458415046807
SSDEEP

12288:mEcQS8zfwkDWsWUZT3HVCuNhzmSEuH/KVTXr2tb:Fcn8zfw+WUZT3HVCuNhqWfKFXr2t

Score

10^/10

matiex collection execution keylogger spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

4fa42a8beb305337e28cede06ceefa62_JaffaCakes118.exe

Resource

win7-20240708-en

matiex collection execution keylogger spyware stealer

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

4fa42a8beb305337e28cede06ceefa62_JaffaCakes118.exe

Resource

win10v2004-20240704-en

matiex collection execution keylogger spyware stealer

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Extracted

Family

matiex

Credentials

Protocol: smtp
Host:
smtp.privateemail.com
Port:
587
Username:
[email protected]
Password:
MARYolanmauluogwo@ever

Targets

- Target
  
  4fa42a8beb305337e28cede06ceefa62_JaffaCakes118
- Size
  
  669KB
- MD5
  
  4fa42a8beb305337e28cede06ceefa62
- SHA1
  
  1ad401dc70385788123ae837eea020a9c1d9e9d9
- SHA256
  
  c38b853587846014052d5b2206e8764dac66f7de9479ec3080e1872938bd7ceb
- SHA512
  
  81dc56b84e3e95169de458d5842c50347455365388b96155aa25a7fea27dc756d20180265ee2b796b2d6ebc2d04d622a6fa9259877f371e956e1458415046807
- SSDEEP
  
  12288:mEcQS8zfwkDWsWUZT3HVCuNhzmSEuH/KVTXr2tb:Fcn8zfw+WUZT3HVCuNhqWfKFXr2t
Score

10^/10

matiex collection execution keylogger spyware stealer
- Matiex
  Matiex is a keylogger and infostealer first seen in July 2020.
  stealer keylogger matiex
- Matiex Main payload
- Beds Protector Packer
  Detects Beds Protector packer used to load .NET malware.
- Drops startup file
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

matiexcollectionexecutionkeyloggerspywarestealer

behavioral2

matiexcollectionexecutionkeyloggerspywarestealer

© 2018-2024

Terms | Privacy