General
Target: c1ec75cdf8a1c8406c9316157f9b8d30.exe
Size: 536KB
Sample: 201221-khphxhlpvs
MD5: c1ec75cdf8a1c8406c9316157f9b8d30
SHA1: 2616c352680005510ee57229a534a9a8b66d1b6d
SHA256: 1ad22f5ef94ef0cc6f10e24f3233747dd251f2ad3053aa049b20fb594c03fb3d
SHA512: 1c56a304b68d0f5fe42d8b6ca2958bf518e3dcb4aa024067a18d168cee0e454dce875e5e5122206f82f10ba5be12c356ec22618cfac8babc749f4ad0b286f761
Static task: static1
Behavioral task: behavioral1
Sample: c1ec75cdf8a1c8406c9316157f9b8d30.exe
Resource: win7v20201028
Malware Config
Extracted
Protocol: smtp
Host: srvc13.turhost.com
Port: 587
Username: info@bilgitekdagitim.com
Password: italik2015
Extracted
matiex
Protocol: smtp
Host: srvc13.turhost.com
Port: 587
Username: info@bilgitekdagitim.com
Password: italik2015
Targets
Target: c1ec75cdf8a1c8406c9316157f9b8d30.exe
Size: 536KB
MD5: c1ec75cdf8a1c8406c9316157f9b8d30
SHA1: 2616c352680005510ee57229a534a9a8b66d1b6d
SHA256: 1ad22f5ef94ef0cc6f10e24f3233747dd251f2ad3053aa049b20fb594c03fb3d
SHA512: 1c56a304b68d0f5fe42d8b6ca2958bf518e3dcb4aa024067a18d168cee0e454dce875e5e5122206f82f10ba5be12c356ec22618cfac8babc749f4ad0b286f761
Matiex Main Payload
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext