Extracted

• • Target

    4fa42a8beb305337e28cede06ceefa62_JaffaCakes118

  • Size

    669KB

  • MD5

    4fa42a8beb305337e28cede06ceefa62

  • SHA1

    1ad401dc70385788123ae837eea020a9c1d9e9d9

  • SHA256

    c38b853587846014052d5b2206e8764dac66f7de9479ec3080e1872938bd7ceb

  • SHA512

    81dc56b84e3e95169de458d5842c50347455365388b96155aa25a7fea27dc756d20180265ee2b796b2d6ebc2d04d622a6fa9259877f371e956e1458415046807

  • SSDEEP

    12288:mEcQS8zfwkDWsWUZT3HVCuNhzmSEuH/KVTXr2tb:Fcn8zfw+WUZT3HVCuNhqWfKFXr2t

  Score

  10^/10

  matiexcollectionexecutionkeyloggerspywarestealer

  • Matiex

    Matiex is a keylogger and infostealer first seen in July 2020.

    stealerkeyloggermatiex

  • Matiex Main payload

  • Beds Protector Packer

    Detects Beds Protector packer used to load .NET malware.

  • Drops startup file

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2