matiex | 597c71c6a2012cf5ccd4a5e8b97be637add1d690283331c709f4c8fee94dd280 | Triage

Submit
Reports

Overview

overview

Static

static

3

819096acf6...18.exe

windows7-x64

3

819096acf6...18.exe

windows10-2004-x64

Sharing

General

Target

819096acf63b5d611a3009c559049e27_JaffaCakes118
Size

479KB
Sample

241031-enet5szbmg
MD5

819096acf63b5d611a3009c559049e27
SHA1

11aab366797c1d758b288002fcf79e38d7401dcb
SHA256

597c71c6a2012cf5ccd4a5e8b97be637add1d690283331c709f4c8fee94dd280
SHA512

5e2d50c87791d4a05144c2bcdd91f28b2ae464dbf6f23d3d1c04c255312b1b9c685619023c202d96cf7c0e8d432041ab365d4337b45dc6568a0a54dd1ab93b86
SSDEEP

6144:QZAFjCBUSf/f45NBQvOdS7965mgZBr7jbFSfMfqhWu4iW4ElEjyWBYa:IEOBWUvO4p6Q+J7vF+MQWT181

Score

10^/10

matiex collection credential_access discovery keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

819096acf63b5d611a3009c559049e27_JaffaCakes118.exe

Resource

win7-20240903-en

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral2

Sample

819096acf63b5d611a3009c559049e27_JaffaCakes118.exe

Resource

win10v2004-20241007-en

matiex collection credential_access discovery keylogger stealer

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

matiex

C2

https://api.telegram.org/bot1769987238:AAEQYijlXWT1FDvBzphYZ0NJ0B8IOgYjki0/sendMessage?chat_id=1816626867

Targets

- Target
  
  819096acf63b5d611a3009c559049e27_JaffaCakes118
- Size
  
  479KB
- MD5
  
  819096acf63b5d611a3009c559049e27
- SHA1
  
  11aab366797c1d758b288002fcf79e38d7401dcb
- SHA256
  
  597c71c6a2012cf5ccd4a5e8b97be637add1d690283331c709f4c8fee94dd280
- SHA512
  
  5e2d50c87791d4a05144c2bcdd91f28b2ae464dbf6f23d3d1c04c255312b1b9c685619023c202d96cf7c0e8d432041ab365d4337b45dc6568a0a54dd1ab93b86
- SSDEEP
  
  6144:QZAFjCBUSf/f45NBQvOdS7965mgZBr7jbFSfMfqhWu4iW4ElEjyWBYa:IEOBWUvO4p6Q+J7vF+MQWT181
Score

10^/10

discovery matiex collection credential_access keylogger stealer
- Matiex
  Matiex is a keylogger and infostealer first seen in July 2020.
  stealer keylogger matiex
- Matiex Main payload
- Matiex family
  matiex
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

matiexcollectioncredential_accessdiscoverykeyloggerstealer

© 2018-2024

Terms | Privacy