MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b2be978e389bf6813270971a335eddb21f4eb81988ad9cb9f1ddb74286885fdd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Matiex


Vendor detections: 4



SHA256 hash: b2be978e389bf6813270971a335eddb21f4eb81988ad9cb9f1ddb74286885fdd
SHA3-384 hash: 007c3d02940c32b9cd3127c5a1dcd22928ab388c934aefccde840431a422a2f3d23c2eb9f049ff317fda567b0682cde9
SHA1 hash: 0ff1314c502cc256f53a607031b3f1816343de71
MD5 hash: 610e0e7008da4ffecf532388d6349cd9
humanhash: september-sodium-virginia-golf
File name: payment invoice090909000.img
Signature: Matiex
File size: 471'947 bytes
First seen: 2020-12-28 08:01:55 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:iSbYTk+L5e9NEHKfgVsshNyI7rZtbh+Bo7c3eTSw:RVtNEggVFrhPJ
TLSH: B2A4238C59A8AEF9376C1CC16E6CCB4BB2DC0794AEDCC4351B144FAFB874B1488916B5
Reporter: abuse_ch
Tags: CHN geo img


abuse_ch
Malspam distributing unidentified malware:

HELO: hosted-by.rootlayer.net
Sending IP: 45.137.22.52
From: shipping@hysong.cn
Subject: 付款发票
Attachment: payment invoice090909000.img (contains "payment invoice090909000.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 522
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Wacatac
Status: Malicious
First seen: 2020-12-27 23:32:30 UTC
AV detection: 11 of 47 (23.40%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Matiex

zip b2be978e389bf6813270971a335eddb21f4eb81988ad9cb9f1ddb74286885fdd

(this sample)

  
Delivery method: Distributed via e-mail attachment
