MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a0ecaf6fdc15c7c67f3f14860daf7b01763fd6884df5a908ee0593915cc5929c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Matiex


Vendor detections: 6


Intelligence 6 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a0ecaf6fdc15c7c67f3f14860daf7b01763fd6884df5a908ee0593915cc5929c
SHA3-384 hash: c1d8693addfe2ea3b946cddb83a64d0b6868327fbe49232d05c93e072bb48a27122afbabebac1b865a832fd1fe9c13c3
SHA1 hash: adc1825b4226b360243435c378f623ce76d2e5af
MD5 hash: 168d47e7b9447e75914c0c21f5ec6d0a
humanhash: fillet-artist-autumn-low
File name:BV10013 (Rev A).scr
Download: download sample
Signature Matiex
Create hunting rule
File size:865'792 bytes
First seen:2020-07-20 14:52:42 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 24576:mVKLtmsdLn7aO+4KbndPl/W8T0qYH25W2rEloD/e:00OOdKbdP88HrsoS
Threatray 46 similar samples on MalwareBazaar
TLSH F005E0C47B40940EC59E1F7A4E528D708330AD56F6F2E34767C67AAE297F39BC805292
Reporter abuse_ch
Tags:Matiex scr

Intelligence

File Origin
# of uploads :
1
# of downloads :
95
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/29243/
Detection(s):
SecuriteInfo.com.MSIL.GenKryptik.EONH.32323.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
Creating a window
Creating a file in the %AppData% directory
Creating a file in the %temp% directory
Launching a process
Creating a process with a hidden window
Deleting a recently created file
Creating a file
Using the Windows Management Instrumentation requests
Sending an HTTP GET request
Sending a custom TCP request
Reading critical registry keys
Launching the process to change network settings
Setting a global event handler for the keyboard
Enabling autorun with Startup directory
Unauthorized injection to a system process
Result
Threat name:
Unknown
Detection:
malicious
Classification:
troj.spyw.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/391829
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/a0ecaf6fdc15c7c67f3f14860daf7b01763fd6884df5a908ee0593915cc5929c/
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-07-20 14:54:08 UTC
AV detection:
23 of 29 (79.31%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=udwk6364cxd4m7z7csda3l33af3d7vuijx22schoawjzcxgfskoa._file
Verdict:
unknown
Similar samples:
1218e6f611d06cbf81e8b72e9c1fab06d8d54c5a7b6ce49e4e26bf86ec1807b2
Matiex
137b5dc137f3f0c5bc3d4e1cd1f2396b33bd5b87291f72013a98b319c130b451
Matiex
27fdb772f1161e6e143fccb5ce3e4d5240896f7f9a7d21d6daefd9501dc1d81f
Matiex
2db7aa7291c73bde092cd4cc8af0aff7eac7245ae5b034d8bb8810c76d85cd91
Matiex
36e5646b2622d4c47947fa54a8f35c1c9d91db60ce3116e352f9f93b8a9f3ada
Matiex
4249d6f93c374bf9199c33bbc49f57c1d1dd983e8c6356b5ed8739d326683c77
Matiex
5f829ed079ce3010fb99eca5ee356e2ffc5ab62cedfb2683ac5ac76a66fb3ed1
Matiex
9dc8d8533e87fe22f98fb67f8705e14e93a8eeb5da355dc15251e03837334162
Matiex
cbea7c520c29190723567b1bdce1c76ae7052a5ca84c42163c67419ad1ce7200
Matiex
ec9668cae1c65020021d2c633b68286944f1e6b1ddf5183d40ef823607e29cba
Matiex
+ 36 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/200720-fl2gf4ry7n/
Behaviour
Suspicious use of SetWindowsHookEx
Creates scheduled task(s)
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Program crash
Suspicious use of SetThreadContext
Modifies service
Looks up external IP address via web service
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Reads data files stored by FTP clients
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Unknown
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/a0ecaf6fdc15c7c67f3f14860daf7b01763fd6884df5a908ee0593915cc5929c

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:win_matiex_keylogger_v1
Create hunting rule
Author:Johannes Bader @viql
Description:detects the Matiex Keylogger

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Matiex

Executable exe a0ecaf6fdc15c7c67f3f14860daf7b01763fd6884df5a908ee0593915cc5929c

(this sample)

  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/29243/

Comments