MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5e17eb054fdd11f124f33dab985b6c19453f326513f8571db2ce25f0bf52dce1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 5e17eb054fdd11f124f33dab985b6c19453f326513f8571db2ce25f0bf52dce1
SHA3-384 hash: d7265e9cc99b61054ad1acaaf6fb1c468b9a653944e720202f379f770d43c67fba2366383b43128e15e624635cea1d8c
SHA1 hash: b11b644da2303eac702a93b3e2454e1028b2b81c
MD5 hash: 138148e9001855318a98c6407f12f67b
humanhash: stream-winter-mirror-lima
File name: PO.z
Signature: Matiex
File size: 310'930 bytes
First seen: 2020-07-31 12:17:35 UTC
Last seen: Never
File type: z
MIME type: application/x-rar
ssdeep: 6144:jN+bbddiI9cLPigeSFkDvVR5dUv2e0kNLuuoUlxiN7s:jN+bbddH9cLPigeS+NSv2e0C6uoc
TLSH: EF6423EA856414397AC2ACB0D654C32B61C8AF7ED7F1A6BC1223D49B0672A9B35705CC
Reporter: @abuse_ch
Tags: Matiex, z


Twitter
@abuse_ch
Malspam distributing unidentified malware:

HELO: ismarine.com.tr
Sending IP: 62.232.216.219
From: Express ADG <EXPRESS_ADG@ismarine.com.tr>
Subject: Urgent Request for Invoice
Attachment: PO.z (contains "PO.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 35
Origin country: FR

Mail intelligence
Geo location: Global
Volume: Low

Vendor Threat Intelligence
Threat name: Win32.Trojan.DataStealer
Status: Malicious
First seen: 2020-07-31 12:19:12 UTC
AV detection: 16 of 48 (33.33%)
Threat level: 5/5

Threat name: Legit
Score: 0.00

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Matiex

z 5e17eb054fdd11f124f33dab985b6c19453f326513f8571db2ce25f0bf52dce1 (this sample)

Delivery method: Distributed via e-mail attachment
