MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e46dc62cd27ec835359b0acd27569c81a59dde88db8577937774189c2f9a1e57. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Matiex


Vendor detections: 12


Intelligence 12 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e46dc62cd27ec835359b0acd27569c81a59dde88db8577937774189c2f9a1e57
SHA3-384 hash: c107ec146affd7e34c7042db5284ef9412dde77f7386de9f3b6021c4d74b8dbe83645800bb66b2ee505fd530c6f2ec96
SHA1 hash: ee2e5385c1464a13f2c25195fc0cad3218627aba
MD5 hash: fda57436cff1677823abcfbab88a1d00
humanhash: delta-angel-steak-lithium
File name:DHL NOTIFICATIONS.exe
Download: download sample
Signature Matiex
Create hunting rule
File size:1'072'025 bytes
First seen:2021-09-27 08:05:20 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 835f485ca718411734d873f35af1695e (4 x BitRAT, 3 x QuasarRAT, 2 x Matiex)
ssdeep 12288:nh7l38OKJBWkzfwS/M+xGtLdFkjY22oNFHw5wiSkFHYClgCgLsuJguIsJBRFbN:h58OgB5UW8geqFCwzkF4euJlIsJfpN
Threatray 1'876 similar samples on MalwareBazaar
TLSH T1D5359E23AAD42004D17B04F16CB2D9364B35FC0645064D1BB994F94E29B7A87BAB7F2F
File icon (PE):PE icon
dhash icon 1003873d31213f10 (142 x DarkCloud, 132 x GuLoader, 35 x a310Logger)
Reporter abuse_ch
Tags:DHL exe Matiex

Intelligence

File Origin
# of uploads :
1
# of downloads :
121
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
DHL NOTIFICATIONS.exe
Verdict:
Malicious activity
Analysis date:
2021-09-27 08:08:44 UTC
Tags:
installer evasion trojan snakekeylogger keylogger
Link:
https://app.any.run/tasks/7327b9b8-d3c2-4b1d-83c0-d9df93fe6fdc

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
Matiex
Create hunting rule
Link:
https://www.capesandbox.com/analysis/191916/
Detection(s):
SecuriteInfo.com.Trojan.KillProc2.16679.11810.24101.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Launching a process
Using the Windows Management Instrumentation requests
Launching a service
DNS request
Connection attempt
Sending an HTTP GET request
Sending a custom TCP request
Moving a system file
Reading critical registry keys
Creating a file in the %temp% directory
Delayed writing of the file
Unauthorized injection to a system process
Malware family:
Matiex KeyLogger
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/183c7021-28e2-422c-aa25-36e2d01b7d44
Result
Threat name:
Matiex
Create hunting rule
Detection:
malicious
Classification:
rans.spre.troj.spyw.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/858722
Signature
Allocates memory in foreign processes
Found malware configuration
Injects a PE file into a foreign processes
Machine Learning detection for sample
May check the online IP address of the machine
Multi AV Scanner detection for submitted file
Potential malicious icon found
Sample uses process hollowing technique
Sigma detected: Bad Opsec Defaults Sacrificial Processes With Improper Arguments
Sigma detected: Capture Wi-Fi password
Sigma detected: RegAsm connects to smtp port
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to harvest and steal WLAN passwords
Tries to steal Mail credentials (via file access)
Uses netsh to modify the Windows network and firewall settings
Writes to foreign memory regions
Yara detected Beds Obfuscator
Yara detected Matiex Keylogger
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/e46dc62cd27ec835359b0acd27569c81a59dde88db8577937774189c2f9a1e57/
Threat name:
Win32.Trojan.Injuke
Create hunting rule
Status:
Malicious
First seen:
2021-09-27 07:31:30 UTC
AV detection:
8 of 45 (17.78%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=4rw4mlgsp3edknm3blgsovu4qgsz3xui3ocxpe3xoqmjyl42dzlq._file
Verdict:
malicious
Similar samples:
26d61d43d05dddf996e499f7bda123770b11f7ba3dcf1f2cb9cd27e507778b78
Matiex
357569913d9435c1c2d15c74a27d1e59dee1b91634f25a690fc26f24c578769f
Matiex
4780ad66fe081922301a8a90ca01d2e30c6bd5cfcfbe3d768773e8cf86e864df
Matiex
4eb165d0adad5be9d9a4470eb3760a991c4ae1ae52ee2fe349851d1b50aaff53
Matiex
aac4b85568798e4a2ddb9cdb62004a9933bf9017a70a070528950ede8a962864
Matiex
cd4df0af062e1b998ecd50c9262ba2f2de9fb9fd300a7fc2596ecd3f4f5f224d
Matiex
e6e2a0f4f64aa78699c8e7e56f33c391d085e655a8a0579f5fa43c42cd580ca7
Matiex
eec64be092d3bd6ac2f32cbbc1bb4f50b373200d8431ae7f62a02834afbe7aef
Matiex
fa2a3d2d878502749a5c8b01a6244a8b9e2b7f0cb3b9d0d85cadc2a8dcb5a8dc
Matiex
+ 1'866 additional samples on MalwareBazaar
Result
Malware family:
matiex
Create hunting rule
Score:
  10/10
Tags:
family:matiex keylogger spyware stealer
Link:
https://tria.ge/reports/210927-jze2hagacq/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Drops file in Windows directory
Suspicious use of SetThreadContext
Looks up external IP address via web service
Reads data files stored by FTP clients
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Matiex
Matiex Main Payload
Unpacked files
SH256 hash:
f675ea14986084147a44667e51401c9b419b67e0e922fc55a20f01a366f453aa
MD5 hash:
49fc9d688cc1c6a2c2136b285ae6940e
SHA1 hash:
99485cee0a230b0e48670ce326fc04a6a1c1e172
Link:
https://www.unpac.me/results/745c8a2f-0b67-4942-ac58-c03513923aae/
SH256 hash:
c1667fa6f6d37044c403c17010f36efc7e08d47ac2fb36a36b3c7e700eb97d81
MD5 hash:
eebb807f8a5a2d47c89648e4fb907f89
SHA1 hash:
35e8cbe02f0ce21492333604056e15bdbc923227
Link:
https://www.unpac.me/results/745c8a2f-0b67-4942-ac58-c03513923aae/
SH256 hash:
e46dc62cd27ec835359b0acd27569c81a59dde88db8577937774189c2f9a1e57
MD5 hash:
fda57436cff1677823abcfbab88a1d00
SHA1 hash:
ee2e5385c1464a13f2c25195fc0cad3218627aba
Link:
https://www.unpac.me/results/745c8a2f-0b67-4942-ac58-c03513923aae/
Malware family:
Phoenix
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/e46dc62cd27e/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/e46dc62cd27ec835359b0acd27569c81a59dde88db8577937774189c2f9a1e57

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/191916/

Comments