General
- Target: 857d76fe35dffe27c19ea691fc55b1b0.exe
- Size: 716KB
- Sample: 201230-m8dl4wbnea
- MD5: 857d76fe35dffe27c19ea691fc55b1b0
- SHA1: 96059a573a3915358576cf47dda524f5e794e68c
- SHA256: 606d71ee2279fa142144bfddb518aa863ad5b1bc0c07c03ea87f14ee5123f4f1
- SHA512: f9e09ba7bf1c6f7db891a62d2fee0ae25539ec0e99af2c2a6d02001813a0333c806e43eec0d018bd763e65919c44facba2469499dd7c3077e6af7e0d70b51339
- Static task: static1
- Behavioral task: behavioral1
- Sample: 857d76fe35dffe27c19ea691fc55b1b0.exe
- Resource: win7v20201028
Malware Config
Extracted (family: matiex)
- Protocol: smtp
- Host: srvc13.turhost.com
- Port: 587
- Username: info@bilgitekdagitim.com
- Password: italik2015
Targets
- Target: 857d76fe35dffe27c19ea691fc55b1b0.exe
- Matiex Main Payload
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext