MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0c057157ad65ebd8e9fc9ace3fcd42d5692f8ba1854107bfb131595417178ebc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: Matiex
Vendor detections: 4

SHA256 hash: 0c057157ad65ebd8e9fc9ace3fcd42d5692f8ba1854107bfb131595417178ebc
SHA3-384 hash: 95b7e134e93f530da1c8fd3a8361e070671772948d97ad019577ef2dedb32bbe3d63f7df491eb0b561c181ddf010606d
SHA1 hash: d3f8e3937a7b750176c363a0ef612deb6b5b7294
MD5 hash: 471991a919b20cf3144b283fd58fb7aa
humanhash: steak-ceiling-bacon-salami
File name: rflBPCMj1cyYzdo.exe
Signature: Matiex
File size: 556'544 bytes
First seen: 2020-11-17 11:59:28 UTC
Last seen: 2020-11-19 14:37:47 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744 (48'742 x AgentTesla, 19'607 x Formbook, 12'242 x SnakeKeylogger)
ssdeep: 12288:vTcUdPAjqE9t8LFulYc86fQQqJD5bcaVOaASAV9vSJR:voUJAjqE78E2KqXbcBSmv
Threatray: 1'058 similar samples on MalwareBazaar
TLSH: 24C4D0753A81FE8EC31F4D76C6502D046EB0A8675B07E70F788B16ED191E79A8F006B6
Reporter: JAMESWT_WT
Tags: Matiex

Intelligence

File Origin
# of uploads: 2
# of downloads: 81
Origin country: n/a

Vendor Threat Intelligence

Result
Verdict: Malware
Behaviour
Creating a window
Creating a file in the %AppData% directory
Creating a file in the %temp% directory
Launching a process
Creating a process with a hidden window
Deleting a recently created file
DNS request
Sending an HTTP GET request
Sending a custom TCP request
Reading critical registry keys
Enabling autorun by creating a file
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2020-11-17 09:03:09 UTC
File Type: PE (.Net Exe)
Extracted files: 5
AV detection: 25 of 28 (89.29%)
Threat level: 5/5

Result
Malware family: n/a
Score: 10/10
Tags: persistence spyware
Behaviour
Creates scheduled task(s)
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Modifies service
Looks up external IP address via web service
Reads data files stored by FTP clients
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Unpacked files
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: INDICATOR_EXE_Packed_ConfuserExMod_BedsProtector
Author: ditekSHen
Description: Detects executables packed with ConfuserEx Mod Beds Protector

Rule name: Keylog_bin_mem
Author: James_inthe_box
Description: Contains Keylog

Rule name: MALWARE_Win_Snake
Author: ditekSHen
Description: Detects Snake Keylogger

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download
Signature: Matiex
File: Executable exe 0c057157ad65ebd8e9fc9ace3fcd42d5692f8ba1854107bfb131595417178ebc (this sample)
Delivery method: Distributed via web download