MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 da6761f510410bffddc3d88f53c4a63f2be0c56eee45e5c8f2d82081d84d14d3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Matiex


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: da6761f510410bffddc3d88f53c4a63f2be0c56eee45e5c8f2d82081d84d14d3
SHA3-384 hash: 384b54f3dc5352558ba900d42712d5db7650a839ce06cbf11b18486cf8edcad42072c3f74834ad47e0fd1933b9cc944d
SHA1 hash: a7ee44386bdbf54a720fc2b1988e172ce43dc9b2
MD5 hash: 67f49e016549b9c96cb1c66da62b38d1
humanhash: mirror-five-undress-tango
File name:pictures and Invoice.zip
Download: download sample
Signature Matiex
Create hunting rule
File size:1'510'254 bytes
First seen:2020-07-07 08:26:07 UTC
Last seen:2020-07-07 09:55:01 UTC
File type: zip
MIME type:application/zip
ssdeep 24576:VBaFxh1+2OTUl5t7LwzfhSNNNt2+YdoEYe4Kzpf5xo9aozCKM3oZ+xxGCzOcVq:/aFz1FkY59L6hAI+Qw8zt0aozCKMtn/s
TLSH 616533B3D5E025060A6572AAFBF5258125900E17ADA5FD4ED0F9D8CE7A308E8F5F1CC2
Reporter abuse_ch
Tags:AgentTesla Matiex zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: slot0.fundscript.xyz
Sending IP: 45.95.169.179
From: info@fundscript.xyz
Reply-To: info@fundscript.xyz
Subject: Conclusion of Goods
Attachment: pictures and Invoice.zip (contains "Invoice 4907856.exe")

AgentTesla SMTP exfil server:
smtp.privateemail.com:587

Intelligence

File Origin
# of uploads :
3
# of downloads :
82
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.24016.ZipHeur.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.21103.ZipHeur.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/da6761f510410bffddc3d88f53c4a63f2be0c56eee45e5c8f2d82081d84d14d3/
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-07-07 08:28:07 UTC
AV detection:
21 of 31 (67.74%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=3jtwd5iqief77xod3chvhrfgh4v6brlo5zc6lshs3aqidwcnctjq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Matiex

zip da6761f510410bffddc3d88f53c4a63f2be0c56eee45e5c8f2d82081d84d14d3

(this sample)

AgentTesla

Executable exe 40cf3214cd412e73955af3a64b3e61691ec44f3ee6bd8031ea37e69dce07b393

  
Dropping
MD5 cfe01269c178fea11b28130dd457c43e
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 40cf3214cd412e73955af3a64b3e61691ec44f3ee6bd8031ea37e69dce07b393
  
Dropping
SHA256 de44283f7ccd395563808b6959085c30fad50e32d8a016b201c492f1f92e41d6
  
Dropping
MD5 80e998b0d647b192f3d888cfacd01f34
  
Dropping
SHA256 40c2c761bdc8603d5bc7c0ef1668a16b7a6a9de062268418e53c8b399fa33adb
  
Dropping
MD5 305169143f17a668f43eba80eba3e4b7

Comments