MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7beab2868ef93af646071fd61c0ab535230c0f9972980e1bded8f49c9f5392ef. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Matiex


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7beab2868ef93af646071fd61c0ab535230c0f9972980e1bded8f49c9f5392ef
SHA3-384 hash: 8a6453aed20caca50983af96ced0ddca36cd3db32fd6b14fbfb92469cec51b4436c20d829001beb7dbb339ff8f96baaf
SHA1 hash: f283cccb66e45da836c74059a559d5662cf340a5
MD5 hash: 27023178af9de77b8eaa31b33718ebf2
humanhash: california-california-fish-three
File name:logo.exe
Download: download sample
Signature Matiex
Create hunting rule
File size:15'872 bytes
First seen:2020-12-21 07:40:31 UTC
Last seen:2020-12-21 09:34:03 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'666 x AgentTesla, 19'479 x Formbook, 12'209 x SnakeKeylogger)
ssdeep 384:JyQC7NqcKWZRbVTKBd7LUJfl5RxVtFIwJGuOL:jCoHwRbVTqGflvx/FIwJGuO
Threatray 25 similar samples on MalwareBazaar
TLSH C562F1DD6BA856E3D95DFF3492B210B27B101836242E876B0495C39F9C4EB51EAC027F
Reporter abuse_ch
Tags:exe Matiex Yahoo


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: sonic307-10.consmr.mail.ne1.yahoo.com
Sending IP: 66.163.190.33
From: Amber <pratik.hakim@yahoo.com>
Reply-To: brentdamantel@gmail.com
Subject: 3 x 40ft Container Mixed
Attachment: Previous Conversations and Order.7z (contains "logo.exe")

Intelligence

File Origin
# of uploads :
2
# of downloads :
147
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
logo.exe
Verdict:
Malicious activity
Analysis date:
2020-12-21 07:44:53 UTC
Tags:
evasion trojan 404keylogger stealer
Link:
https://app.any.run/tasks/30ba41e5-45ae-43be-95b2-27fbb041bff8

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection(s):
SecuriteInfo.com.Artemis27023178AF9D.15109.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a custom TCP request
Running batch commands
Creating a process with a hidden window
Launching a process
DNS request
Unauthorized injection to a recently created process
Creating a file
Using the Windows Management Instrumentation requests
Sending an HTTP GET request
Sending a UDP request
Sending a TCP request to an infection source
Enabling autorun with the standard Software\Microsoft\Windows\CurrentVersion\Run registry branch
Enabling autorun by creating a file
Enabling autorun
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
52 / 100
Link:
https://www.joesandbox.com/analysis/567211
Signature
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/7beab2868ef93af646071fd61c0ab535230c0f9972980e1bded8f49c9f5392ef/
Threat name:
ByteCode-MSIL.Spyware.Noon
Create hunting rule
Status:
Malicious
First seen:
2020-12-21 02:24:22 UTC
AV detection:
22 of 28 (78.57%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ppvlfbuo7e5pmrqhd7lbycvvgurqyd4zokma4g663d2jzh2tslxq._file
Verdict:
unknown
Similar samples:
0c6dbb5a8b9e0e7189b201b4387c4d23f2eec78a1b8c66834fc51a10b9f992f9
Matiex
29eb1cc47e1691ce931b66a745b10f88dff84fbdd8b8ec7b407137c362a9154f
Matiex
320592aa53514c7fd425f4c691e4be802ca964955d5a6fdd960a8725c36737b4
Matiex
47fc6e8b1fcbd7a6b0955ffeb4a6b995b50964da04b50f8e52ef5e770ec68840
Matiex
8bb625e15877474a379c52910cf7741a3b356416f89c019456d740aae69aea33
Matiex
9cef44491d14577c5041187e34b13b784c7f26ab95ead4db16081e8c3d9c8a1d
Matiex
dc77896335b79cbba7a95f8ce91d4d68600cb29a26cfa0de8033363b4d28508b
Matiex
e3c342be37ab6f49260bc36cec49561b08479b1a577ec2df7b634caffd585d96
Matiex
f3475e4fc7c4307bc41e68f95ed31b88f5b24fb37efb3078d6732341761d96df
Matiex
fb25872744b711f6c9290d7ce2d3cf371e89c9919c8d77786ab528e47034d0e3
Matiex
+ 15 additional samples on MalwareBazaar
Result
Malware family:
matiex
Create hunting rule
Score:
  10/10
Tags:
family:matiex keylogger persistence spyware stealer
Link:
https://tria.ge/reports/201221-eeg6yra1m6/
Behaviour
Delays execution with timeout.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SetWindowsHookEx
Suspicious use of SetThreadContext
Adds Run key to start application
Looks up external IP address via web service
Drops startup file
Reads data files stored by FTP clients
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Matiex
Matiex Main Payload
Modifies WinLogon for persistence
Unpacked files
SH256 hash:
7beab2868ef93af646071fd61c0ab535230c0f9972980e1bded8f49c9f5392ef
MD5 hash:
27023178af9de77b8eaa31b33718ebf2
SHA1 hash:
f283cccb66e45da836c74059a559d5662cf340a5
Link:
https://www.unpac.me/results/a4615127-923d-4597-bf68-58433e39c625/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Trojan
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/7beab2868ef93af646071fd61c0ab535230c0f9972980e1bded8f49c9f5392ef

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Matiex

zip c70a4248ece62858d86bb7e53b2bcaa80150c2f3cd8c332e472de0316b42a5aa

Matiex

Executable exe 7beab2868ef93af646071fd61c0ab535230c0f9972980e1bded8f49c9f5392ef

(this sample)

  
Dropped by
MD5 0d9b3355547b1083e97526fb71c7abe3
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 c70a4248ece62858d86bb7e53b2bcaa80150c2f3cd8c332e472de0316b42a5aa

Comments