MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 479b99e01f707260794b52495e31967345d6e1830ee415821fff5e0910e448c8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Matiex


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 479b99e01f707260794b52495e31967345d6e1830ee415821fff5e0910e448c8
SHA3-384 hash: ad12d951f1b54a2f6a7bfc9f10764c50003babe1d5c2e2d638cf9160dfce5693ac68e2a9056fafd66fcfce699b9685a7
SHA1 hash: 3119d237dfb0512834f147d05a7c3db8ad8aa2b9
MD5 hash: 2988859f559346373267575893b573f2
humanhash: table-oklahoma-mirror-seventeen
File name:LIST OF NEW PO order___148SRLS6725W2 ALS.img
Download: download sample
Signature Matiex
Create hunting rule
File size:1'441'792 bytes
First seen:2020-10-07 05:28:59 UTC
Last seen:Never
File type: img
MIME type:application/x-iso9660-image
ssdeep 24576:mkUHpR8+ovVpowaGVFgLrbgUpj+vvvtg/dBi97g:mk/99iwayKjSvvvtglYk
TLSH 8465D051B001F447E64B1AB12C1FE86014A6BA7E9965C20D7496771ECAF339720AFECF
Reporter abuse_ch
Tags:img Matiex


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: atl4mhob16.registeredsite.com
Sending IP: 209.17.115.109
From: orders <orders@echoproducts.com>
Reply-To: orders <orders@echoproducts.com>
Subject: Re: Re: URGENT REFERENCE FOR QUOTATION OF ATTACHED NEW ORDER LIST
Attachment: LIST OF NEW PO order___148SRLS6725W2 ALS.img (contains "LIST OF NEW PO order___148SRLS6725W2 ALS.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
105
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/479b99e01f707260794b52495e31967345d6e1830ee415821fff5e0910e448c8/
Threat name:
ByteCode-MSIL.Backdoor.NanoBot
Create hunting rule
Status:
Malicious
First seen:
2020-10-07 04:14:38 UTC
AV detection:
21 of 48 (43.75%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=i6nztya7obzga6klkjev4mmwonc5nymdb3sblaq775pasehejdea._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/479b99e01f707260794b52495e31967345d6e1830ee415821fff5e0910e448c8

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Matiex

img 479b99e01f707260794b52495e31967345d6e1830ee415821fff5e0910e448c8

(this sample)

Matiex

Executable exe 8204a720bdcb3db0b4241f2331dff32ec003476a6072df452388323f91912022

  
Dropping
MD5 19384153658f54a36ccc557417c8703e
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 8204a720bdcb3db0b4241f2331dff32ec003476a6072df452388323f91912022

Comments