General
-
Target
640d35405523999bfc3f39a8e053259e.exe
-
Size
716KB
-
Sample
201220-5z7449cwpe
-
MD5
640d35405523999bfc3f39a8e053259e
-
SHA1
67221e50d758b536440867ad1f7b59216e6789f3
-
SHA256
1013840ac2390a6e2a17e41c6750382202efe8c7449505248322ef6a39750fc6
-
SHA512
aa15257bdf4ba8bcf296e9e0fda851cd026a955004a089a15389ca7f6a16104caec5d2f0b307744cd991c4554e11520e15ff795a145cb529732994d3d4dc2582
Static task
static1
Behavioral task
behavioral1
Sample
640d35405523999bfc3f39a8e053259e.exe
Resource
win7v20201028
Malware Config
Extracted
Protocol: smtp- Host:
srvc13.turhost.com - Port:
587 - Username:
info@bilgitekdagitim.com - Password:
italik2015
Extracted
matiex
Protocol: smtp- Host:
srvc13.turhost.com - Port:
587 - Username:
info@bilgitekdagitim.com - Password:
italik2015
Targets
-
-
Target
640d35405523999bfc3f39a8e053259e.exe
-
Size
716KB
-
MD5
640d35405523999bfc3f39a8e053259e
-
SHA1
67221e50d758b536440867ad1f7b59216e6789f3
-
SHA256
1013840ac2390a6e2a17e41c6750382202efe8c7449505248322ef6a39750fc6
-
SHA512
aa15257bdf4ba8bcf296e9e0fda851cd026a955004a089a15389ca7f6a16104caec5d2f0b307744cd991c4554e11520e15ff795a145cb529732994d3d4dc2582
-
Matiex Main Payload
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-