General
Target: 375a9215552b14a93246e85884e6bae2.exe
Size: 497KB
Sample: 210113-785a2kyxbn
MD5: 375a9215552b14a93246e85884e6bae2
SHA1: 0e1f99ebf26b96fa1abcdc68ebf34c408abd9934
SHA256: b35320c510d100799cc245b4f9db0d3826cdf6edec4edaea326cae40375bfc6c
SHA512: 1798515296c3aaa898b6c008c5b20ee5a0b4efc1c1ff4918994bd82594696a7bc6342ca904d59f4160950843d4133c9a7726ddd6bbe74894e924fc51df473d4d
Static task: static1
Behavioral task: behavioral1
Sample: 375a9215552b14a93246e85884e6bae2.exe
Resource: win7v20201028
Malware Config
Extracted
matiex
Protocol: smtp
Host: srvc13.turhost.com
Port: 587
Username: info@bilgitekdagitim.com
Password: italik2015
Targets
Matiex Main Payload
Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext