General
-
Target
0019111f7841f5b1c278e2044d2f9d5e.exe
-
Size
530KB
-
Sample
201218-cxdzhq631x
-
MD5
0019111f7841f5b1c278e2044d2f9d5e
-
SHA1
a278ca51692e7ba06296609e7d8658ad999d975f
-
SHA256
96ab46097968162491d192347bb607c5ff43d8b8ac3a813ee54dc3cdf84828d1
-
SHA512
537acf17e0c530bdc01c12abe292c1641b8c1a146f7e4ecf06077752c64fcf1d8b6427aeb20105254d065832881571d78954116c7c572ec52e664e8c2b250410
Static task
static1
Behavioral task
behavioral1
Sample
0019111f7841f5b1c278e2044d2f9d5e.exe
Resource
win7v20201028
Malware Config
Extracted
Protocol: smtp- Host:
srvc13.turhost.com - Port:
587 - Username:
info@bilgitekdagitim.com - Password:
italik2015
Extracted
matiex
Protocol: smtp- Host:
srvc13.turhost.com - Port:
587 - Username:
info@bilgitekdagitim.com - Password:
italik2015
Targets
-
-
Target
0019111f7841f5b1c278e2044d2f9d5e.exe
-
Size
530KB
-
MD5
0019111f7841f5b1c278e2044d2f9d5e
-
SHA1
a278ca51692e7ba06296609e7d8658ad999d975f
-
SHA256
96ab46097968162491d192347bb607c5ff43d8b8ac3a813ee54dc3cdf84828d1
-
SHA512
537acf17e0c530bdc01c12abe292c1641b8c1a146f7e4ecf06077752c64fcf1d8b6427aeb20105254d065832881571d78954116c7c572ec52e664e8c2b250410
-
Matiex Main Payload
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-