MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 95d6724114c72160be15e03a2280c5548ece04815f52f6d61666c23bc5551cfc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Matiex


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 95d6724114c72160be15e03a2280c5548ece04815f52f6d61666c23bc5551cfc
SHA3-384 hash: 178c2cf874b465227b2c4cb7bcfcd41a99cd3db711f6b5363abf1a6e328e939ffe7a6006a2e6c671adb2f9a76d3d3dc4
SHA1 hash: 7f85bc774b87ad220a6f8dd87ca8447631d44147
MD5 hash: 779d6bbd6896f4523271be6e37a115e0
humanhash: twelve-fanta-uranus-wolfram
File name:779d6bbd6896f4523271be6e37a115e0.exe
Download: download sample
Signature Matiex
Create hunting rule
File size:2'232'872 bytes
First seen:2020-12-29 07:11:58 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash a262877a36fc7e0f830054e0f70f76cb (7 x Matiex, 4 x AgentTesla, 4 x Loki)
ssdeep 49152:lhUacRT39VIQfT3WUacRT39VIQfTzWUacRT39VIQfT:lhUzRjwQfjWUzRjwQfHWUzRjwQf
Threatray 218 similar samples on MalwareBazaar
TLSH 69A5CE83B052F5DCC81CA13A0597C8D850E51F39B4714EA76AC12627B9FF2D8AE5ECE1
Reporter abuse_ch
Tags:exe Matiex

Intelligence

File Origin
# of uploads :
1
# of downloads :
458
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
779d6bbd6896f4523271be6e37a115e0.exe
Verdict:
Malicious activity
Analysis date:
2020-12-29 07:14:13 UTC
Tags:
evasion trojan
Link:
https://app.any.run/tasks/319e6137-c7df-4b7b-9083-6220f2deb642

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/109688/
Detection(s):
Win.Trojan.Autoit-7356348-0
Create hunting rule

Win.Dropper.Remcos-9805040-0
Create hunting rule

Win.Dropper.LokiBot-9805481-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a file in the %temp% subdirectories
Creating a file
Running batch commands
Modifying an executable file
Launching a process
Sending a UDP request
Enabling autorun by creating a file
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Matiex
Create hunting rule
Detection:
malicious
Classification:
troj
Score:
72 / 100
Link:
https://www.joesandbox.com/analysis/571192
Signature
Machine Learning detection for dropped file
Machine Learning detection for sample
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Yara detected Matiex Keylogger
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 334658 Sample: Y1EB9An0Tv.exe Startdate: 29/12/2020 Architecture: WINDOWS Score: 72 53 Multi AV Scanner detection for dropped file 2->53 55 Multi AV Scanner detection for submitted file 2->55 57 Yara detected Matiex Keylogger 2->57 59 2 other signatures 2->59 14 Y1EB9An0Tv.exe 2 2->14         started        process3 file4 51 C:\Users\user\AppData\Local\Temp\...\file.exe, PE32 14->51 dropped 17 Y1EB9An0Tv.exe 1 14->17         started        19 Y1EB9An0Tv.exe 14->19         started        process5 process6 21 Y1EB9An0Tv.exe 1 17->21         started        23 Y1EB9An0Tv.exe 17->23         started        process7 25 Y1EB9An0Tv.exe 1 21->25         started        27 Y1EB9An0Tv.exe 21->27         started        process8 29 Y1EB9An0Tv.exe 1 25->29         started        31 Y1EB9An0Tv.exe 25->31         started        process9 33 Y1EB9An0Tv.exe 1 29->33         started        35 Y1EB9An0Tv.exe 29->35         started        process10 37 Y1EB9An0Tv.exe 1 33->37         started        39 Y1EB9An0Tv.exe 33->39         started        process11 41 Y1EB9An0Tv.exe 1 37->41         started        43 Y1EB9An0Tv.exe 37->43         started        process12 45 Y1EB9An0Tv.exe 1 41->45         started        47 Y1EB9An0Tv.exe 41->47         started        process13 49 Y1EB9An0Tv.exe 45->49         started       
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/95d6724114c72160be15e03a2280c5548ece04815f52f6d61666c23bc5551cfc/
Threat name:
Win32.Infostealer.Stelega
Create hunting rule
Status:
Malicious
First seen:
2020-12-27 16:32:00 UTC
AV detection:
23 of 29 (79.31%)
Threat level:
  5/5
Verdict:
suspicious
Similar samples:
301b313fc2935587c991d2b007e225638b935b2b914507f9dc990f5c4185ef13
Matiex
32a0c4d5fea8fbc8dd04dbf43f3d3877184651e1b59fd831bdd2af1a64e8f7aa
Matiex
5be73e98e79472632484157eb2f58f914dee24521fc6cb5f26c02709664a0413
Matiex
6b7afa4ba43a383c37bd7a265fb401be83482f7682cd2f6fd1ee733a38314092
Matiex
87c5ab62121c4a7e7a515d9172f649522d1a8e5e7fce9381f1e53da0e7440635
Matiex
bee3c64a4d3862a54f11a05303fb39c9768891841673269e477d0d87ec1862e2
Matiex
c04d9dda88a75f4ed924e20617847a4d7a8ff729754e8ad66f3557fb90ed5d25
Matiex
eefd38a540e7ac67780dda6a05981f1c6c4933717adce549e060d098e7b0fb29
Matiex
f70814e5323848f5ef921f93e8a1a9bd2e99dec11777004c59bf989093707956
Matiex
fd2336c8ae5390379d9a54b4a0bd7a77030e2cb36e68ae1ad0388bd8caff0d07
Matiex
+ 208 additional samples on MalwareBazaar
Result
Malware family:
matiex
Create hunting rule
Score:
  10/10
Tags:
family:matiex keylogger spyware stealer
Link:
https://tria.ge/reports/201229-bgbvrxb5p6/
Behaviour
Creates scheduled task(s)
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Looks up external IP address via web service
Reads data files stored by FTP clients
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Matiex
Matiex Main Payload
Unpacked files
SH256 hash:
95d6724114c72160be15e03a2280c5548ece04815f52f6d61666c23bc5551cfc
MD5 hash:
779d6bbd6896f4523271be6e37a115e0
SHA1 hash:
7f85bc774b87ad220a6f8dd87ca8447631d44147
Link:
https://www.unpac.me/results/db6f8eb1-d1eb-431a-9f48-dff94278abcf/
SH256 hash:
c1667fa6f6d37044c403c17010f36efc7e08d47ac2fb36a36b3c7e700eb97d81
MD5 hash:
eebb807f8a5a2d47c89648e4fb907f89
SHA1 hash:
35e8cbe02f0ce21492333604056e15bdbc923227
Link:
https://www.unpac.me/results/db6f8eb1-d1eb-431a-9f48-dff94278abcf/
SH256 hash:
90ebe6ba1864918cbb518142cf61da4be4d804ec6e64a43fb43a7b894eaefa4e
MD5 hash:
9c8d1ae4bd82484d1d0fa055c81131bc
SHA1 hash:
7e5dfe303310546dcab08a9ecef8dc5d93a512ac
Link:
https://www.unpac.me/results/db6f8eb1-d1eb-431a-9f48-dff94278abcf/
SH256 hash:
9fdb96a85a60d4064a5822ea1d8b9291c01371ee98e0f21d4e8cf39e62151bd6
MD5 hash:
1dcf9bdb0d7d571790d9f9da8bfed5cd
SHA1 hash:
0e7bedb6f35d745d65e40c3515b717a0a50fd3fe
Link:
https://www.unpac.me/results/db6f8eb1-d1eb-431a-9f48-dff94278abcf/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Remcos
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/95d6724114c72160be15e03a2280c5548ece04815f52f6d61666c23bc5551cfc

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/109688/

Comments