MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 404b0c9d56bc554c5cbeddfc79821b88f5781762b69c3519bcebf02fb76a6735. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Matiex


Vendor detections: 6


Intelligence 6 IOCs YARA 2 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 404b0c9d56bc554c5cbeddfc79821b88f5781762b69c3519bcebf02fb76a6735
SHA3-384 hash: d5a243bad2ad551c966a6fe635e0047f8788649bbd31bb8c45af084a0bc5edf83e517a8962163007b06f6af30f0e2581
SHA1 hash: 4a014702c145a215d0c6a3ae34af2efcae8b69a5
MD5 hash: 042f4126e29d94d01cacefa3226ba08f
humanhash: jersey-papa-zebra-april
File name:RFQ Shipment Doc.exe
Download: download sample
Signature Matiex
Create hunting rule
File size:710'144 bytes
First seen:2020-10-15 17:24:19 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'742 x AgentTesla, 19'607 x Formbook, 12'242 x SnakeKeylogger)
ssdeep 12288:dzy7SM/9Aa9YqK5NVSVvA429lPWGUH1R2icinkPPtUptMbfb:ty7Sq9fyqK5/S2bKhcinkPPezMb
Threatray 42 similar samples on MalwareBazaar
TLSH C1E423C96BE081D7D8CDE332EDB102419A7D92616E8F6E2BF6C819B94D463D81BC11F4
Reporter abuse_ch
Tags:exe Matiex

Intelligence

File Origin
# of uploads :
1
# of downloads :
96
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/71557/
Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a UDP request
Creating a window
Launching a process
Creating a file
Using the Windows Management Instrumentation requests
DNS request
Sending an HTTP GET request
Sending a custom TCP request
Reading critical registry keys
Setting a global event handler for the keyboard
Unauthorized injection to a system process
Result
Threat name:
Matiex
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
80 / 100
Link:
https://www.joesandbox.com/analysis/492841
Signature
Machine Learning detection for sample
Maps a DLL or memory area into another process
May check the online IP address of the machine
Multi AV Scanner detection for submitted file
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file access)
Writes to foreign memory regions
Yara detected Matiex Keylogger
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/404b0c9d56bc554c5cbeddfc79821b88f5781762b69c3519bcebf02fb76a6735/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-10-15 10:01:47 UTC
AV detection:
23 of 29 (79.31%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=ibfqzhkwxrkuyxf63x6htaq3rd2xqf3cw2odkgn45pyc7n3km42q._file
Verdict:
unknown
Similar samples:
0475b267bb4bb0a7361831168694a3c3b411e64f9f3b2edb2ade4a215dc7400b
Matiex
16732dd83907bd9e881729cca144a2008193830f9db8686030216091a380d9d0
Matiex
2c1b93f7236a800d389423b44844c9207cb5ab4047d806508d3986c058a21246
Matiex
4a024542511c7d0a40e8317486b7177eaf71ee355f1731f17bc632731ea814b0
Matiex
64e336a9ba35cd79314c0ca934116b4d002a0e7be35e905fb15ce7c5c7839519
Matiex
6637c089017af9c448d8235e20db32603d8547f0611187341cf184dc66c170b4
Matiex
a183a94f7c049de1770e76be272a29e0ec7b3b4344ef5c4dc2fe9ddd5962b5bd
Matiex
b46bd25fca309781558509bdb4f408b085d83c74e71adc5de4eeb349bc8c4c7a
Matiex
b60f7101e7fe4632ce94f03fe039e6ff31d5d4a00b304fff73f7cfd3d9023e4c
Matiex
c75035a9d20e8c0c04f6054e270cf85588d4dc555000be1f25d3f70e6973a71f
Matiex
+ 32 additional samples on MalwareBazaar
Result
Malware family:
matiex
Create hunting rule
Score:
  10/10
Tags:
spyware stealer keylogger family:matiex
Link:
https://tria.ge/reports/201015-y4kntslqmj/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: MapViewOfSection
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Looks up external IP address via web service
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Matiex
Matiex Main Payload
Unpacked files
SH256 hash:
c1667fa6f6d37044c403c17010f36efc7e08d47ac2fb36a36b3c7e700eb97d81
MD5 hash:
eebb807f8a5a2d47c89648e4fb907f89
SHA1 hash:
35e8cbe02f0ce21492333604056e15bdbc923227
Link:
https://www.unpac.me/results/0afe3435-c211-4f9c-afd2-2a4ebda88405/
SH256 hash:
feaae313a6561b8c7827b67cbae4a1340da1c614ceda529be5208ed08927cff3
MD5 hash:
7c2fee10a21da3f501590aa57949c60b
SHA1 hash:
3f09c247b5ecb8575c05c503a16dc2a679fc9f1b
Link:
https://www.unpac.me/results/0afe3435-c211-4f9c-afd2-2a4ebda88405/
SH256 hash:
5b7f94f7b102e010aae1ab182e765138aacca6cfae5e805af9e23da85f1eabaa
MD5 hash:
14f9d3a6463b4f1ffd725d70bc8a0a29
SHA1 hash:
afa55e1d4a6eb77467083ecdd320271fe032e40f
Link:
https://www.unpac.me/results/0afe3435-c211-4f9c-afd2-2a4ebda88405/
SH256 hash:
404b0c9d56bc554c5cbeddfc79821b88f5781762b69c3519bcebf02fb76a6735
MD5 hash:
042f4126e29d94d01cacefa3226ba08f
SHA1 hash:
4a014702c145a215d0c6a3ae34af2efcae8b69a5
Link:
https://www.unpac.me/results/0afe3435-c211-4f9c-afd2-2a4ebda88405/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.45
Link:
https://yomi.yoroi.company/submissions/404b0c9d56bc554c5cbeddfc79821b88f5781762b69c3519bcebf02fb76a6735

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:Keylog_bin_mem
Create hunting rule
Author:James_inthe_box
Description:Contains Keylog
Rule name:win_matiex_keylogger_v1
Create hunting rule
Author:Johannes Bader @viql
Description:detects the Matiex Keylogger

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Matiex

Executable exe 404b0c9d56bc554c5cbeddfc79821b88f5781762b69c3519bcebf02fb76a6735

(this sample)

  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/71557/

Comments