MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8dd97dc341e72b4830a7375c3e51de56ac35b91a31498d2dbeba929846d6129e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Matiex


Vendor detections: 5



SHA256 hash: 8dd97dc341e72b4830a7375c3e51de56ac35b91a31498d2dbeba929846d6129e
SHA3-384 hash: 0ecc5c22ddb4d09a1a569737ae4ce03a37aaa9cc10c65559e11dfe19403c5840573659ef24d4d2669320c7cba27493c4
SHA1 hash: efea505622e66451df835544a541cdf2644350dd
MD5 hash: 170d8b1b82becf5da5d00a625cc48e82
humanhash: dakota-bulldog-twelve-batman
File name: Pics_Documents_logo_specifications.7z
Signature: Matiex
File size: 3'525'954 bytes
First seen: 2021-01-12 06:15:06 UTC
Last seen: 2021-01-12 07:18:40 UTC
File type: zip
MIME type: application/zip
ssdeep: 49152:gQnPjBceYmQCaUztRtojnWb3P2wDSLVOf1j4CRkAWREXWzrctVpRNNlSDnEGBE5G:jTYUZIjnaf1tAHinNlQ9UThPfgBAK
TLSH: DCF5332F4B7DFCE82DA43594126CC113666960F75B330A855CBCA56B926A8DF7033287
Reporter: abuse_ch
Tags: 7z


abuse_ch
Malspam distributing unidentified malware:

HELO: pizza-vip05.virtualhosting.hk
Sending IP: 203.135.158.185
From: lock.warx@yahoo.com
Reply-To: lock.warx@yahoo.com
Subject: Re: 3 x 40ft Container Mixed
Attachment: Pics_Documents_logo_specifications.7z (contains "wCRnCAMZ3yT8BQ2.exe")

Intelligence


File Origin
# of uploads: 2
# of downloads: 99
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: ByteCode-MSIL.Backdoor.NanoBot
Status: Malicious
First seen: 2021-01-12 06:15:11 UTC
AV detection: 12 of 46 (26.09%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Matiex

zip 8dd97dc341e72b4830a7375c3e51de56ac35b91a31498d2dbeba929846d6129e (this sample)

Delivery method: Distributed via e-mail attachment
