General

- Target: 610728dd845f9e8d6b7e5c3a7b9f9989.exe
- Size: 1MB
- Sample: 210111-mftte4qqns
- MD5: 610728dd845f9e8d6b7e5c3a7b9f9989
- SHA1: 114efb6a288a14f22185846bac4932216656a7d9
- SHA256: 9b7e0e6cba9a4b6f7360457e1fd9049d16145bcc53b1c51d696fd99b508d3dbc
- SHA512: 88bc030ed2745eeb36d68117d28d2d58ba73bdc7295c0783f87704427c5842495a7d3cbb7298b1f265a378ccf080560c62ed8426b416f713d535f8ca0b9a33e4
Tasks

- Static task: static1
- Behavioral task: behavioral1
- Sample: 610728dd845f9e8d6b7e5c3a7b9f9989.exe
- Resource: win7v20201028
Malware Config

Extracted (family: matiex)

- Protocol: smtp
- Host: srvc13.turhost.com
- Port: 587
- Username: info@bilgitekdagitim.com
- Password: italik2015
Targets

- Target: 610728dd845f9e8d6b7e5c3a7b9f9989.exe
Signatures

- Matiex Main Payload
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext