General
Target: 6bd406e1b80747a58dfe7a790a10e018.exe
Size: 1.4MB
Sample: 201220-bs5shjmknn
MD5: 6bd406e1b80747a58dfe7a790a10e018
SHA1: d180e87336a3110fb3dcfe78c25107e2fc24b81a
SHA256: 301b313fc2935587c991d2b007e225638b935b2b914507f9dc990f5c4185ef13
SHA512: 12245735c11827efa199c544e2420a31778c974525366c46219fec291f7531cc704956a49da71adb850f28b288e06a8f936cf1bc5fdd0e2f2430ce290ccc1a0b
Static task: static1
Behavioral task: behavioral1
Sample: 6bd406e1b80747a58dfe7a790a10e018.exe
Resource: win7v20201028
Malware Config
Extracted
Protocol: smtp
Host: srvc13.turhost.com
Port: 587
Username: info@bilgitekdagitim.com
Password: italik2015
Extracted
matiex
Protocol: smtp
Host: srvc13.turhost.com
Port: 587
Username: info@bilgitekdagitim.com
Password: italik2015
Targets
Target: 6bd406e1b80747a58dfe7a790a10e018.exe
Matiex Main Payload
Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext