General
-
Target
ad2c13cc92594f67bb6cc381427b1286.exe
-
Size
1.4MB
-
Sample
201220-vkdrkf84le
-
MD5
ad2c13cc92594f67bb6cc381427b1286
-
SHA1
f83e16aeb6ff0e6001ec42e477fab748b768a2b5
-
SHA256
6b7afa4ba43a383c37bd7a265fb401be83482f7682cd2f6fd1ee733a38314092
-
SHA512
a6d564668de8c60529080f2440f12962595cebdcdb9632f6efa73991d3c87fefdad48f2444747a6d5fb087936982c7d27f0973ec8e598e36c04d7bdabe0984f0
Static task
static1
Behavioral task
behavioral1
Sample
ad2c13cc92594f67bb6cc381427b1286.exe
Resource
win7v20201028
Malware Config
Extracted
Protocol: smtp
Host: srvc13.turhost.com
Port: 587
Username: info@bilgitekdagitim.com
Password: italik2015
Extracted
matiex
Targets
-
-
Target
ad2c13cc92594f67bb6cc381427b1286.exe
-
Matiex Main Payload
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-