General
Target: f4a1a5ea2c673050ab32f9831d680a82.exe
Size: 530KB
Sample: 201222-hme4mld9cs
MD5: f4a1a5ea2c673050ab32f9831d680a82
SHA1: d7b73d348da8866c52391d380abf2c0419ebc8c7
SHA256: 8dd700744b756fb23ad0b9dfab2ca965105adddc4206276fcb6805f8dd934c4a
SHA512: 1412bc5bf3dad16801858daf328edf7edc261cdd2dbb499c11414f6d1d6d12e7c096f020c5063400d7b80462691caacdcf8974400a59f3a36d4bef0d31348bf5
Static task: static1
Behavioral task: behavioral1
Sample: f4a1a5ea2c673050ab32f9831d680a82.exe
Resource: win7v20201028
Malware Config
Extracted
Protocol: smtp
Host: srvc13.turhost.com
Port: 587
Username: info@bilgitekdagitim.com
Password: italik2015
Extracted
matiex
Targets
Target
f4a1a5ea2c673050ab32f9831d680a82.exe
Matiex Main Payload

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.

Suspicious use of SetThreadContext