General
Target: 1d04b434fec2b4aed7d9bf14386cb0f2.exe
Size: 716KB
Sample: 201220-9qmvtaswz6
MD5: 1d04b434fec2b4aed7d9bf14386cb0f2
SHA1: 61638197f2b5a05c1e5503a88d6995c1db1d325d
SHA256: 58134d8a72d268e159c20e3c1e8cc3cd47e2ff4130f0d50161e30d12e845d0cc
SHA512: f41e15e7ac9d0a4de9080203a79bb0c16b0f4e6d086e9d8bf58af5aa39e2564cddb3095b92c34077cc58ed2130c5f4df2674b2d5634fba95fdb93d8894b0037f
Static task: static1
Behavioral task: behavioral1
Sample: 1d04b434fec2b4aed7d9bf14386cb0f2.exe
Resource: win7v20201028
Malware Config
Extracted (family: matiex)
Protocol: smtp
Host: srvc13.turhost.com
Port: 587
Username: info@bilgitekdagitim.com
Password: italik2015
Targets
Target: 1d04b434fec2b4aed7d9bf14386cb0f2.exe (same file as listed under General)
Signatures
Matiex Main Payload
Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext