MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5497370a1c39741caebb42d33e653266fa0d71810a1cec19aac99931ac81a15e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Matiex


Vendor detections: 4



SHA256 hash: 5497370a1c39741caebb42d33e653266fa0d71810a1cec19aac99931ac81a15e
SHA3-384 hash: 91da79b7a50bbd4599b7277fca6839c207edd98aa40c81de4224b6eb2cfd9592808fea9eed580dd4ca20a291158b7205
SHA1 hash: da472077e58a0db92adc046fe49f7043b89df0d2
MD5 hash: 0626ef6fc6a36ab12410789b3838c8c9
humanhash: princess-minnesota-two-bluebird
File name: NKP210102-NIT-SC2.rar
Signature: Matiex
File size: 617'815 bytes
First seen: 2021-01-14 06:11:54 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 12288:Zb31KWOWmleX9oD2SKcTuLeQpj0ZWQyc7RwjM0mx8GdmmouIQ1I7en1:Zb31S+X9c2EuLeQF0V0MdmFo
TLSH: F3D423355127547E0BF5EE39DBF3CF400F328D968D4451A85AA9848B2C32F6BCB39429
Reporter: abuse_ch
Tags: rar


abuse_ch
Malspam distributing unidentified malware:

HELO: ac697-398.techjera.com
Sending IP: 85.95.240.205
From: Nasr Koujan<info@geniuswho.com>
Reply-To: <sales01@foricco.com>
Subject: Re: Revise Quotaion
Attachment: NKP210102-NIT-SC2.rar (contains "NKP210102-NIT-SC2.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 123
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2021-01-14 06:12:05 UTC
AV detection: 11 of 46 (23.91%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via e-mail attachment
