General
Target: e9535539ed1ab039bab810aa46a930a5.exe
Size: 716KB
Sample: 201222-hxcpm56rfj
MD5: e9535539ed1ab039bab810aa46a930a5
SHA1: 607ee3f9b1ed73827f75dd84866f367713d10516
SHA256: 7ce58a8ed7f02449af63701fed0a0170b2795aeeb2df1453c6238743ecb2a934
SHA512: bac6ea6ca02d6cc19815b2db32db49791574d1e3b1b9fdc7539e74aeb2c56d5b59674924ad6b25a4b426ebc169d65b7548e37cdd588e71cf8d88313b8f03d49e
Static task: static1
Behavioral task: behavioral1 (sample: e9535539ed1ab039bab810aa46a930a5.exe, resource: win7v20201028)
Malware Config
Extracted (family: matiex)
Protocol: smtp
Host: srvc13.turhost.com
Port: 587
Username: info@bilgitekdagitim.com
Password: italik2015
The report lists this configuration twice with identical values; it is shown once here. These are the credentials of the attacker's drop mailbox, not a victim account: record them for the abuse report to the mail provider rather than using them. Port 587 is the SMTP submission port, where the client typically upgrades to TLS with STARTTLS, so network detection should key on the DNS lookup or TCP connection to the host rather than on message content.
Targets
Target: e9535539ed1ab039bab810aa46a930a5.exe (716KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
Signatures
- Matiex Main Payload
  Matiex is a commodity keylogger/stealer; the SMTP settings under Malware Config are its exfiltration channel.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP. The report does not record which service was contacted.
- Suspicious use of SetThreadContext
  Setting the context of a thread in another process (typically a suspended child) is how process hollowing and thread hijacking redirect execution into injected code. Debuggers and some packers call it legitimately, so treat it as a heuristic to pivot on, not as proof of injection by itself.
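The following Python script is an added example, not code from the sandbox report or from the malware: it parses the Malware Config block above (in the run-together form the extraction produced) into indicators, runs them over constructed endpoint egress-log lines, and emits a Suricata DNS-query rule for the exfil host. The log lines, the 203.0.113.x addresses (RFC 5737 documentation range) and the rule sid are constructed placeholders, not data from the report.

```python
"""Turn the sandbox report's extracted Matiex SMTP exfiltration config into
indicators and run them over connection-log lines.

Added example (not code from the sandbox report or from the malware): the
log lines and the 203.0.113.x addresses are constructed for illustration,
and the Suricata sid is an arbitrary placeholder.
"""
import re

# The "Malware Config" block exactly as the report extraction rendered it
# (field names and values run together across line breaks).
REPORT_CONFIG = """Extracted
matiex
Protocol: smtp- Host:
srvc13.turhost.com - Port:
587 - Username:
info@bilgitekdagitim.com - Password:
italik2015"""

_KEYS = r"(?:Protocol|Host|Port|Username|Password)"
# "Key: value" where the value runs up to the next "Key:" (optionally
# preceded by the " - " separator the extraction inserted) or end of text.
_FIELD_RE = re.compile(rf"({_KEYS}):\s*(.*?)\s*(?=(?:-\s*)?{_KEYS}:|$)", re.S)


def parse_config(text: str) -> dict:
    """Recover the key/value pairs from the flattened config block."""
    flat = " ".join(line.strip() for line in text.splitlines())
    cfg = {key.lower(): value.strip(" -") for key, value in _FIELD_RE.findall(flat)}
    if "port" in cfg:
        cfg["port"] = int(cfg["port"])
    return cfg


def to_iocs(cfg: dict) -> dict:
    """The pieces a defender acts on. The password is the attacker's mailbox
    credential: keep it for the abuse report to the provider, do not use it."""
    return {
        "family": "matiex",
        "c2_host": cfg["host"].lower(),
        "c2_port": cfg["port"],
        "c2_proto": cfg["protocol"],
        "exfil_account": cfg["username"],
    }


# Constructed endpoint-egress records: timestamp, process image, destination
# host (as resolved by the endpoint), destination address, destination port.
# 203.0.113.0/24 is the RFC 5737 documentation range, not the host's real IP.
SAMPLE_EGRESS_LOG = [
    "2020-12-22T10:14:03Z e9535539ed1ab039bab810aa46a930a5.exe srvc13.turhost.com 203.0.113.10 587",
    "2020-12-22T10:14:05Z outlook.exe smtp.office365.com 203.0.113.20 587",
    "2020-12-22T10:15:41Z e9535539ed1ab039bab810aa46a930a5.exe www.example.com 203.0.113.30 443",
    "2020-12-22T10:16:12Z svchost.exe srvc13.turhost.com 203.0.113.10 25",
]


def match_egress(iocs: dict, lines) -> list:
    """Flag any connection to the exfil host. Exact host+port is high severity;
    the same host on another port is still worth a look (it is a shared mail
    server, but this config only ever points at one port)."""
    hits = []
    for line in lines:
        ts, proc, host, addr, port = line.split()
        if host.lower() != iocs["c2_host"]:
            continue
        port = int(port)
        hits.append({
            "ts": ts, "process": proc, "addr": addr, "port": port,
            "severity": "high" if port == iocs["c2_port"] else "medium",
        })
    return hits


def suricata_dns_rule(iocs: dict, sid: int) -> str:
    """DNS-query rule for the exfil host. Port 587 traffic is usually upgraded
    to TLS with STARTTLS, so alert on the name lookup rather than mail content."""
    return (
        f'alert dns $HOME_NET any -> any any (msg:"{iocs["family"]} SMTP exfil '
        f'host lookup {iocs["c2_host"]}"; dns.query; content:"{iocs["c2_host"]}"; '
        f'nocase; classtype:trojan-activity; sid:{sid}; rev:1;)'
    )


if __name__ == "__main__":
    iocs = to_iocs(parse_config(REPORT_CONFIG))
    for hit in match_egress(iocs, SAMPLE_EGRESS_LOG):
        print(hit)
    print(suricata_dns_rule(iocs, 1000001))
```

Running the script prints two hits (the sample itself reaching srvc13.turhost.com:587 at high severity, and an unrelated process reaching the same host on port 25 at medium severity) followed by the generated rule; the benign Outlook and browser connections are not flagged.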