General
-
Target
09009000INVOICE.exe
-
Size
751KB
-
Sample
201208-1nlfxjfeq6
-
MD5
36d3443b39511f4f06e5227cd64b1834
-
SHA1
3a2cf60aaa7b4ab56c2e33487ef7dd98f4221f4f
-
SHA256
32a0c4d5fea8fbc8dd04dbf43f3d3877184651e1b59fd831bdd2af1a64e8f7aa
-
SHA512
8ae7308130830787fb5d0380006ae9c3ceae6627d5401952d3934ec352f967b2731bd9c5daca43351f40a37281b6e0575d5312eb2da3f3a4c3ee0880e28bf972
Static task
static1
Behavioral task
behavioral1
Sample
09009000INVOICE.exe
Resource
win7v20201028
Malware Config
Extracted
Protocol: smtp- Host:
srvc13.turhost.com - Port:
587 - Username:
info@bilgitekdagitim.com - Password:
italik2015
Extracted
matiex
Protocol: smtp- Host:
srvc13.turhost.com - Port:
587 - Username:
info@bilgitekdagitim.com - Password:
italik2015
Targets
-
-
Target
09009000INVOICE.exe
-
Size
751KB
-
MD5
36d3443b39511f4f06e5227cd64b1834
-
SHA1
3a2cf60aaa7b4ab56c2e33487ef7dd98f4221f4f
-
SHA256
32a0c4d5fea8fbc8dd04dbf43f3d3877184651e1b59fd831bdd2af1a64e8f7aa
-
SHA512
8ae7308130830787fb5d0380006ae9c3ceae6627d5401952d3934ec352f967b2731bd9c5daca43351f40a37281b6e0575d5312eb2da3f3a4c3ee0880e28bf972
-
Matiex Main Payload
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-