MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d8cbbb4144d9b4350b367fa89b250b4a35933b77c00d36b3e885f2aa17e0aaff. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Matiex


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d8cbbb4144d9b4350b367fa89b250b4a35933b77c00d36b3e885f2aa17e0aaff
SHA3-384 hash: cf6f8442d4195080cf6d193053bf2f985a3830513993ea0bcd0ea1aee285ca1284b27aa8f315dd987aa939240dbd919c
SHA1 hash: 2b9afb0325e7aeb15dbb4b30ac081e1037dae4e8
MD5 hash: 17a59b4dd563d2b260de6b1bba7f57f9
humanhash: william-beryllium-ohio-nebraska
File name:Purchase Order 11052021.ace
Download: download sample
Signature Matiex
Create hunting rule
File size:855'867 bytes
First seen:2021-05-12 05:49:28 UTC
Last seen:2021-05-12 06:01:31 UTC
File type: ace
MIME type:application/octet-stream
ssdeep 24576:ixIDYTHm8/jFnusr4JwXxJwnBBHIk/4DmFdNvxbL9LzQ5:ixqqHmw7rDXMom5NvdNe
TLSH 86053346F65D0C0FF9DE06611180AE48D0494A47ABB9EE0B67B830CDE4CDAF69878ED1
Reporter cocaman
Tags:ace Matiex


Avatar
cocaman
Malicious email (T1566.001)
From: ""Roy Asghar" <saslam@pseb.org.pk>" (likely spoofed)
Received: "from mageneet.com (unknown [31.210.21.71]) "
Date: "11 May 2021 10:52:30 -0700"
Subject: "=?UTF-8?B?UmU6IOWbnuWkje+8mlB1cmNoYXNlIE9yZGVyIDExMDUyMDIx?="
Attachment: "Purchase Order 11052021.ace"

Intelligence

File Origin
# of uploads :
2
# of downloads :
129
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.25738.AceHeur.Exe.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.25166.AceHeur.Exe.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.Suspicious-ACE-exe.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/d8cbbb4144d9b4350b367fa89b250b4a35933b77c00d36b3e885f2aa17e0aaff/
Threat name:
Win32.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2021-05-12 04:09:33 UTC
File Type:
Binary (Archive)
Extracted files:
17
AV detection:
18 of 47 (38.30%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=3df3wqke3g2dkczwp6ujwjilji2zgo3xyagtnm7iqxzkuf7avl7q._file
Result
Malware family:
matiex
Create hunting rule
Score:
  10/10
Tags:
family:matiex keylogger spyware stealer
Link:
https://tria.ge/reports/210512-tks62ryng2/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Looks up external IP address via web service
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Matiex
Matiex Main Payload
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/d8cbbb4144d9b4350b367fa89b250b4a35933b77c00d36b3e885f2aa17e0aaff

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Matiex

ace d8cbbb4144d9b4350b367fa89b250b4a35933b77c00d36b3e885f2aa17e0aaff

(this sample)

Matiex

Executable exe 2eddb4551fd410d3febd1c4a3ae0ebc9f0723a8973b2426afeb1ff2a44b54b26

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 2eddb4551fd410d3febd1c4a3ae0ebc9f0723a8973b2426afeb1ff2a44b54b26

Comments