General
-
Target
d4c2d5d8db659879c78bd58b38641a27.exe
-
Size
2.1MB
-
Sample
201228-r62hmy4v8a
-
MD5
d4c2d5d8db659879c78bd58b38641a27
-
SHA1
fae9e306bca69ae1cb2ffe396fe2b7825f9b311e
-
SHA256
a4dcfeca12e7e1dddb41f574622f1f68e16a135f46a06d53b639e3ed632ced3b
-
SHA512
9aae9f28361b3ccbaca6f376579cc955ea1910c0aedbe786a52c548b34b76b52791198c427a6099a86e925571c1278a282593385f2d4389482cc707992d19642
Static task
static1
Behavioral task
behavioral1
Sample
d4c2d5d8db659879c78bd58b38641a27.exe
Resource
win7v20201028
Malware Config
Extracted
Protocol: smtp- Host:
srvc13.turhost.com - Port:
587 - Username:
info@bilgitekdagitim.com - Password:
italik2015
Extracted
matiex
Protocol: smtp- Host:
srvc13.turhost.com - Port:
587 - Username:
info@bilgitekdagitim.com - Password:
italik2015
Targets
-
-
Target
d4c2d5d8db659879c78bd58b38641a27.exe
-
Size
2.1MB
-
MD5
d4c2d5d8db659879c78bd58b38641a27
-
SHA1
fae9e306bca69ae1cb2ffe396fe2b7825f9b311e
-
SHA256
a4dcfeca12e7e1dddb41f574622f1f68e16a135f46a06d53b639e3ed632ced3b
-
SHA512
9aae9f28361b3ccbaca6f376579cc955ea1910c0aedbe786a52c548b34b76b52791198c427a6099a86e925571c1278a282593385f2d4389482cc707992d19642
-
Matiex Main Payload
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-