MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4524f74c75340e0761a5e4e0f3c070fb96a364de054fead9c96c8ee8f4f81f0a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Intelligence 6 File information Yara Comments

SHA256 hash: 4524f74c75340e0761a5e4e0f3c070fb96a364de054fead9c96c8ee8f4f81f0a
SHA3-384 hash: 5a23266085d31fd5761a3704c2d47ea76bcdf83d67e9bae06aba1b398922268b588cb53c8d40ae82e5d28f7b3cc7d64f
SHA1 hash: b3c4734cbc3846304647fbf6854f6cbb3c0ab635
MD5 hash: bbebe99bf36cb3dc4c3c37a9487468ac
humanhash: montana-leopard-winner-ten
File name:TNT E-Invoice Consignment Delivey Notification_pdf.exe
Download: download sample
Signature Matiex
File size:410'624 bytes
First seen:2020-07-31 15:10:44 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744
ssdeep 12288:g3aJkbyUz3pLxwpy6kmy6k1y6kVy6kMy6k0Vy6key6kS2AZ:gNmUzpxOy6kmy6k1y6kVy6kMy6k0Vy6d
TLSH 259439F067448C96D5AF6978C83656B32D63A54F9F34804C389ABF0B7D3238A8857877
Reporter @James_inthe_box
Tags:exe Matiex

Intelligence


File Origin
# of uploads :
1
# of downloads :
50
Origin country :
US US
Mail intelligence
No data
Vendor Threat Intelligence
Result
Threat name:
AgentTesla Matiex
Detection:
malicious
Classification:
troj.spyw.evad
Score:
100 / 100
Signature
Binary contains a suspicious time stamp
Creates an undocumented autostart registry key
Executable has a suspicious name (potential lure to open the executable)
Found malware configuration
Icon mismatch, binary includes an icon from a different legit application in order to fool users
Initial sample is a PE file and has a suspicious name
Injects a PE file into a foreign processes
Machine Learning detection for sample
May check the online IP address of the machine
Sigma detected: Capture Wi-Fi password
Tries to harvest and steal ftp login credentials
Tries to harvest and steal WLAN passwords
Tries to steal Mail credentials (via file access)
Uses netsh to modify the Windows network and firewall settings
Yara detected AgentTesla
Yara detected Matiex Keylogger
Behaviour
Behavior Graph:
Threat name:
ByteCode-MSIL.Trojan.Genasep
Status:
Malicious
First seen:
2020-07-31 15:10:13 UTC
AV detection:
23 of 31 (74.19%)
Threat level
  5/5
Result
Malware family:
n/a
Score:
  10/10
Tags:
spyware persistence
Behaviour
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SetThreadContext
Modifies service
Suspicious use of SetThreadContext
Looks up external IP address via web service
Looks up external IP address via web service
Reads data files stored by FTP clients
Reads user/profile data of web browsers
Reads user/profile data of local email clients
Reads data files stored by FTP clients
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Modifies WinLogon for persistence
Modifies WinLogon for persistence
Threat name:
Trojan
Score:
1.00

File information


The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

Comments