MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c86c244eb5730c740b052d1dfc7cbd528891a54dba7dbd6a2fe36535219e7403. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Matiex


Vendor detections: 4



SHA256 hash: c86c244eb5730c740b052d1dfc7cbd528891a54dba7dbd6a2fe36535219e7403
SHA3-384 hash: cb239b793ca65940ad7ab64d98e2187bfd37b3ccb1070b1d5bff09f8b151e215353dfff41324ae736ac14b28c7c9e8f3
SHA1 hash: ff9ab15cd383bdb40ed036022a31bcac6c1bf5f1
MD5 hash: 6f6e030e599efd96361b253d2b203f91
humanhash: kentucky-fruit-triple-glucose
File name: invoice _25280.zip
Signature: Matiex
File size: 701'140 bytes
First seen: 2020-10-12 05:55:43 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:OtlQx7GDGD6ZJp5kXyFEM9r5SjA/+cUL2sBDEjhG3hzHj2a2uGkn:HdG6DcZwM9kjAWcUKsJ8hUxjmkn
TLSH: DDE433D162DF38EEE4EAD91E55E35B430FB455D1B583408023BDF8BA53F8000E6AEA65
Reporter: abuse_ch
Tags: geo ITA Matiex UniCredit zip


abuse_ch
Malspam distributing Matiex:

HELO: dd24812.kasserver.com
Sending IP: 85.13.146.44
From: Banca Credito Italiano - Unicredit Group <info@badrenovierung-ehmann.de>
Reply-To: snambrath.almandoos@bk.ru
Subject: Re: Payments - October Invoices
Attachment: invoice _25280.zip (contains "invoice _25280.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 86
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Wacatac
Status: Malicious
First seen: 2020-10-12 01:16:03 UTC
AV detection: 12 of 48 (25.00%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Matiex

zip c86c244eb5730c740b052d1dfc7cbd528891a54dba7dbd6a2fe36535219e7403

(this sample)

  
Dropping: Matiex
Delivery method: Distributed via e-mail attachment
