MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c00d17f0d857d7124090cfda8e3be6139e90378f84d77f692c7306ed20da2b9e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: c00d17f0d857d7124090cfda8e3be6139e90378f84d77f692c7306ed20da2b9e
SHA3-384 hash: 09abfa8cf6aabf58d3591cef7ac9547629755df7498acb79b779ff62d6bc6f14f2c0144c30ac28cd0057c02962b157bb
SHA1 hash: cbfd161050618d2b83f59851ab6940e14a3ab3e7
MD5 hash: b5a22d486475e76dff1c29ea7a4cd255
humanhash: hydrogen-maryland-whiskey-xray
File name: INVOICE.PDF.z
Signature: Matiex
File size: 367'238 bytes
First seen: 2020-07-31 08:38:25 UTC
Last seen: Never
File type: z
MIME type: application/x-rar
ssdeep: 6144:npGAzyX+EhoMcRpmjXGMxRDC/6eAbFe7EQIFHVK1j1+fK4XiwCTiXbkLNNoU:3yOEhoMEpmjX5xRDrxZwmo4y4XhCTirs
TLSH: C67423BCD2474BAF784F20C450808BFAED4E589EFEBE9247ADB600551B93DE35264076
Reporter: @abuse_ch
Tags: Matiex, z


Twitter
@abuse_ch
Malspam distributing unidentified malware:

HELO: saturn2.communilink.net
Sending IP: 203.124.10.244
From: Acount Director <ronny.yu@trust-link.com.hk>
Subject: Proforma Invoice
Attachment: INVOICE.PDF.z (contains "INVOICE.PDF.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 27
Origin country: FR
Mail intelligence
Geo location: Global
Volume: High
Vendor Threat Intelligence
Threat name: Win32.Trojan.DataStealer
Status: Malicious
First seen: 2020-07-31 02:11:00 UTC
AV detection: 17 of 31 (54.84%)
Threat level: 5/5

Threat name: Tinba
Score: 1.00

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Matiex

z c00d17f0d857d7124090cfda8e3be6139e90378f84d77f692c7306ed20da2b9e (this sample)

Delivery method: Distributed via e-mail attachment

Comments