General
Target: 00000000808000.exe
Size: 872KB
Sample: 201222-he4jg74k26
MD5: 738b31b889afcc0e99bcfa3411a4cafe
SHA1: 6db9a9a1106fc18abc48d555afa6b7457ab91206
SHA256: 42ed72b284dd390611cdc6b88aab94d9afa0b48d12037aa3edc64aeede11499c
SHA512: 9cd14d84f751ee9fe12a6578c8dd4e9dbb430854d88ac31e79b52984a552542f2e233d8872dd47bea7477fdfacc62042646f3afbb2a05e899f7ab2acd0743048
Static task: static1
Behavioral task: behavioral1
Sample: 00000000808000.exe
Resource: win7v20201028
Malware Config
Extracted
Protocol: smtp
Host: srvc13.turhost.com
Port: 587
Username: info@bilgitekdagitim.com
Password: italik2015
Extracted
matiex
Targets
Target: 00000000808000.exe
Matiex Main Payload
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext