MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e988bd1435a355903dd7c3db15832742301c9b1e3db08cec8b10d9a0a5421512. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Matiex


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e988bd1435a355903dd7c3db15832742301c9b1e3db08cec8b10d9a0a5421512
SHA3-384 hash: 10e9b37caec7259376999c3b3361728db812e77742af5e6a2a16155f906c6aed1e5024fbc8225dd8d9ca2dd271c42ae0
SHA1 hash: 35130831484f895f21bc281dacd857949b5b0b12
MD5 hash: ce88c2e352da13935c91e9848e0921f0
humanhash: nine-alabama-fillet-alanine
File name:New Purchase order.R12
Download: download sample
Signature Matiex
Create hunting rule
File size:477'925 bytes
First seen:2021-04-19 06:58:42 UTC
Last seen:2021-04-20 05:42:30 UTC
File type: rar
MIME type:application/x-rar
ssdeep 12288:kEhy8tKY7PjLEdSK2KcA9dXiJatWKC4IgVkcE:vk8tHPjLEd72vA9sa1XkcE
TLSH 7DA42352DBF6808A7B5B79D79AEE9F0020B30D7AECBDD1A04172CD051D2816EF5947C4
Reporter cocaman
Tags:Matiex r12


Avatar
cocaman
Malicious email (T1566.001)
From: "Andrea Berret <export@novex.it>" (likely spoofed)
Received: "from novex.it (unknown [84.38.135.208]) "
Date: "19 Apr 2021 19:07:00 +0300"
Subject: "Fwd: New Purchase order PO19085121"
Attachment: "New Purchase order.R12"

Intelligence

File Origin
# of uploads :
9
# of downloads :
117
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/e988bd1435a355903dd7c3db15832742301c9b1e3db08cec8b10d9a0a5421512/
Gathering data
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=5gel2fbvunkzapoxypnrlazhiiybzgy6hwyiz3elcdm2bjkccuja._file
Result
Malware family:
matiex
Create hunting rule
Score:
  10/10
Tags:
family:matiex evasion keylogger spyware stealer
Link:
https://tria.ge/reports/210419-b8ymfkegwx/
Behaviour
Creates scheduled task(s)
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Suspicious use of SetThreadContext
Looks up external IP address via web service
Maps connected drives based on registry
Checks BIOS information in registry
Reads data files stored by FTP clients
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Looks for VMWare Tools registry key
Looks for VirtualBox Guest Additions in registry
Matiex
Matiex Main Payload
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Kryptik
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/e988bd1435a355903dd7c3db15832742301c9b1e3db08cec8b10d9a0a5421512

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Matiex

rar e988bd1435a355903dd7c3db15832742301c9b1e3db08cec8b10d9a0a5421512

(this sample)

Matiex

Executable exe 679f1795caa441c8b37db048309ca99745c25090ecdba817ff607c9156c22019

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 679f1795caa441c8b37db048309ca99745c25090ecdba817ff607c9156c22019
  
Dropping
Matiex

Comments