General
Target: bbd1ce37c7cc14680add7c6c16b4f7dd.exe
Size: 532KB
Sample: 210103-sd5hge8zjn
MD5: bbd1ce37c7cc14680add7c6c16b4f7dd
SHA1: 95409e3d167c9e4e6768f3ade39271d81c10675d
SHA256: 1f1442c75d2ae64eb1c66b8b9008b1382b69aa7ddb5b075f9320f18ffab16ef6
SHA512: 62358386554d071c1b32d510dd7357978f2588b3c1097c505ac8056ade4e0a54229ca132c7d16baf59b0efe8380c5ca4b8d446f7909430ac86bd983a1f5e93e7
Static task: static1
Behavioral task: behavioral1
Sample: bbd1ce37c7cc14680add7c6c16b4f7dd.exe
Resource: win7v20201028
Malware Config
Extracted (family: matiex)
Protocol: smtp
Host: srvc13.turhost.com
Port: 587
Username: info@bilgitekdagitim.com
Password: italik2015
Targets
Target: bbd1ce37c7cc14680add7c6c16b4f7dd.exe
Size: 532KB
- Matiex Main Payload
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext