MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 51610d0c7661e9a0ef24e38d6f5f64f3108d556d1ce430e7d8ed8b70df34b37d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Matiex


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 51610d0c7661e9a0ef24e38d6f5f64f3108d556d1ce430e7d8ed8b70df34b37d
SHA3-384 hash: f13096c47be2df3824c9221c21070543d04bd74954bd0605d2f3fb130d6545d8906abf3abcc780c6a44f359f5462a4dd
SHA1 hash: d741ba9a3a310f5a699590178400bf959c9ad685
MD5 hash: 5477b5c41d27848b0066778911ec22ed
humanhash: kansas-alanine-mike-venus
File name:OgI24G8ta2DV2tA.z
Download: download sample
Signature Matiex
Create hunting rule
File size:525'915 bytes
First seen:2020-12-18 08:39:05 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:Q2PRuZ3ibdrMLcjVVLqXOoQwgYorAc00/PIT4YE2EZuyi:Q2PO3ArEcjVVLq+oQF1sS/ATu22Pi
TLSH 23B4233864EEF87BF491C3D61C6A098397C59E8278CF2E90697FDD6CE894508B1185EC
Reporter abuse_ch
Tags:geo Matiex VNM z


Avatar
abuse_ch
Malspam distributing Matiex:

HELO: hosted-by.rootlayer.net
Sending IP: 185.222.58.152
From: orhankose85@hotmail.com
Subject: HOÁ ĐƠN ĐẶT HÀNG
Attachment: OgI24G8ta2DV2tA.z (contains "OgI24G8ta2DV2tA.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
128
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.CIL.HeapOverride.Heur.11202.UNOFFICIAL
Create hunting rule

Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/51610d0c7661e9a0ef24e38d6f5f64f3108d556d1ce430e7d8ed8b70df34b37d/
Threat name:
ByteCode-MSIL.Trojan.Pwsx
Create hunting rule
Status:
Malicious
First seen:
2020-12-18 08:40:07 UTC
AV detection:
10 of 48 (20.83%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=kfqq2ddwmhu2b3ze4ogw6x3e6mii2vlndtsdbz6y5wfxbxzuwn6q._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Kryptik
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/51610d0c7661e9a0ef24e38d6f5f64f3108d556d1ce430e7d8ed8b70df34b37d

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Matiex

zip 51610d0c7661e9a0ef24e38d6f5f64f3108d556d1ce430e7d8ed8b70df34b37d

(this sample)

Matiex

Executable exe efed7937344ba48b8c75c280a6c61e848de83a45e3a22d03ed760e0aa25f104c

  
Dropping
MD5 8c647c5fa8f9a53350ef9e084e972bc1
  
Dropping
Matiex
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 efed7937344ba48b8c75c280a6c61e848de83a45e3a22d03ed760e0aa25f104c

Comments