matiex | 39d7b97907b7836d51b332d85ecdbf4cd5fa55de562959a020a6752adeea4e1c | Triage

Submit
Reports

Overview

overview

Static

static

3

JaffaCakes...d2.exe

windows10-2004-x64

JaffaCakes...d2.exe

windows11-21h2-x64

Sharing

Copy URL Twitter E-mail

General

Target

JaffaCakes118_03ba23a85802f57beed2d5c69453c6d2
Size

500KB
Sample

250514-wcfqqszpv2
MD5

03ba23a85802f57beed2d5c69453c6d2
SHA1

3d83f5623299630fd6f57a567ac048c7d1853dcb
SHA256

39d7b97907b7836d51b332d85ecdbf4cd5fa55de562959a020a6752adeea4e1c
SHA512

028c6edb097565b888589159fb7c8eb92604c333ac58cd075447eb369ae2cd071b85ee0ffdd427ec448fe1b3070adfe26ff5c28482b997a630f8f95b719e2974
SSDEEP

6144:KbCwND4GM89iCb/MN6TeKyzErvWiGJgKJhHgK:Ql4Cbb/MpVKpKJ5gK

Score

10^/10

matiex collection discovery keylogger spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_03ba23a85802f57beed2d5c69453c6d2.exe

Resource

win10v2004-20250502-en

matiex collection discovery keylogger spyware stealer

windows10-2004-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_03ba23a85802f57beed2d5c69453c6d2.exe

Resource

win11-20250502-en

matiex collection discovery keylogger spyware stealer

windows11-21h2-x64

17 signatures

150 seconds

Malware Config

Extracted

Family

matiex

C2

https://api.telegram.org/bot1271137457:AAFNGECSqnP1dXVAPgbr-EWVUDbzylXjmhg/sendMessage?chat_id=1216524090

Targets

- Target
  
  JaffaCakes118_03ba23a85802f57beed2d5c69453c6d2
- Size
  
  500KB
- MD5
  
  03ba23a85802f57beed2d5c69453c6d2
- SHA1
  
  3d83f5623299630fd6f57a567ac048c7d1853dcb
- SHA256
  
  39d7b97907b7836d51b332d85ecdbf4cd5fa55de562959a020a6752adeea4e1c
- SHA512
  
  028c6edb097565b888589159fb7c8eb92604c333ac58cd075447eb369ae2cd071b85ee0ffdd427ec448fe1b3070adfe26ff5c28482b997a630f8f95b719e2974
- SSDEEP
  
  6144:KbCwND4GM89iCb/MN6TeKyzErvWiGJgKJhHgK:Ql4Cbb/MpVKpKJ5gK
Score

10^/10

matiex collection discovery keylogger spyware stealer
- Matiex
  Matiex is a keylogger and infostealer first seen in July 2020.
  stealer keylogger matiex
- Matiex Main payload
- Matiex family
  matiex
- Drops startup file
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

matiexcollectiondiscoverykeyloggerspywarestealer

behavioral2

matiexcollectiondiscoverykeyloggerspywarestealer

© 2018-2025

Terms | Privacy

	
		OSZAR »