General
Target: 09000000MMM090.exe
Size: 461KB
Sample: 201224-g6ahha47kn
MD5: 086959707f8687e0764bce8b5c0c6aa3
SHA1: 316f4aa555ffa7c249253e5a6dc3af68c9bd6ae8
SHA256: c6a6df5f1efbeb60a9249cd6561f3eb8cc319de796595aa82180f6762ef6f43a
SHA512: d041cf94607a803193c1ce429313c169c89f2920a908b8f4db2b70798be5cc9f2f88c6cd92de33881f9b721ba81d201f6ee2fb59fc1310e09f616bcf2bcc3a5e
Static task: static1
Behavioral task: behavioral1
Sample: 09000000MMM090.exe
Resource: win7v20201028
Malware Config
Extracted
matiex
Protocol: smtp
Host: srvc13.turhost.com
Port: 587
Username: info@bilgitekdagitim.com
Password: italik2015
Targets
-
Matiex Main Payload
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-