General
Target: d95bab4390145e6ed0e3638c0f978b01.exe
Size: 530KB
Sample: 201218-tzz7rbg7ys
MD5: d95bab4390145e6ed0e3638c0f978b01
SHA1: 1e26c19b80bc558f6eca65bcd19c871090991437
SHA256: d45c6e62e99101aae9217d090ed7ecf7c2e0a67d0010d7db6cf8c60a44a0b8b8
SHA512: 203b5021834b3e47d6177af9c82ccd1283931a29eaea16cf49d58be14a670cc605de72a752ef53e19544d09420c4cf021ce1e04b3abae3704bbe0cffc17aed35

Tasks
Static task: static1
Behavioral task: behavioral1
Sample: d95bab4390145e6ed0e3638c0f978b01.exe
Resource: win7v20201028

Malware Config
Extracted (family: matiex)
Protocol: smtp
Host: srvc13.turhost.com
Port: 587
Username: info@bilgitekdagitim.com
Password: italik2015

Targets
Target: d95bab4390145e6ed0e3638c0f978b01.exe
Size: 530KB
MD5, SHA1, SHA256, SHA512: identical to the hashes listed under General above

Signatures
- Matiex Main Payload
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext