General

Target: d38b6dbcd5bd5203a83cb54dd5e0492b.exe
Size: 716KB
Sample: 210114-d3h26fkdea
MD5: d38b6dbcd5bd5203a83cb54dd5e0492b
SHA1: cb83aa5bf6b6b00f88886d618e2cf4fa199e6cb8
SHA256: 7dd0a6bd49432c21f2ed5300ae66d16b32f3200152c507340b00108a2d78cd22
SHA512: 4a5193f489fc62ef324af1beba7a3f1a104e16aecd0e2c0b824aaada67f6aedabcff84552011583bd0843a47154e68454c9685b4fed596125aaa4ca0fa41b518

Static task: static1
Behavioral task: behavioral1
Sample: d38b6dbcd5bd5203a83cb54dd5e0492b.exe
Resource: win7v20201028
Malware Config

Extracted
Protocol: smtp
Host: srvc13.turhost.com
Port: 587
Username: info@bilgitekdagitim.com
Password: italik2015

Extracted
Family: matiex
Protocol: smtp
Host: srvc13.turhost.com
Port: 587
Username: info@bilgitekdagitim.com
Password: italik2015
Targets

Target: d38b6dbcd5bd5203a83cb54dd5e0492b.exe
Size: 716KB
MD5: d38b6dbcd5bd5203a83cb54dd5e0492b
SHA1: cb83aa5bf6b6b00f88886d618e2cf4fa199e6cb8
SHA256: 7dd0a6bd49432c21f2ed5300ae66d16b32f3200152c507340b00108a2d78cd22
SHA512: 4a5193f489fc62ef324af1beba7a3f1a104e16aecd0e2c0b824aaada67f6aedabcff84552011583bd0843a47154e68454c9685b4fed596125aaa4ca0fa41b518

Signatures:
- Matiex Main Payload
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
  SetThreadContext rewrites the register state of another thread. Outside of debuggers it is typically seen when malware points a suspended thread at injected code (process hollowing and similar injection), which is why the sandbox flags the call.
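The extracted config and the signatures above describe an observable chain: the sample learns its own external IP from a public lookup service, then delivers its loot over SMTP submission (port 587) to srvc13.turhost.com using the extracted mailbox credentials. The Python below is an added detection example, not part of the sandbox report and not code from the Matiex sample: it runs two rules over constructed connection-log lines (any host talking to the exfil SMTP host, and the higher-confidence lookup-then-SMTP sequence from one source within a window) and checks a file's digests against the report's hashes. The set of IP-lookup domains, the log format and the 5-minute window are assumptions; the report does not name which lookup service the sample queried.

```python
"""Added example: correlate Matiex behaviour from connection logs and check
file hashes against the report's IOCs. Not part of the sandbox report."""
import hashlib
from collections import defaultdict
from datetime import datetime, timedelta

# Indicators copied from the report above.
SAMPLE_HASHES = {
    "md5": "d38b6dbcd5bd5203a83cb54dd5e0492b",
    "sha1": "cb83aa5bf6b6b00f88886d618e2cf4fa199e6cb8",
    "sha256": "7dd0a6bd49432c21f2ed5300ae66d16b32f3200152c507340b00108a2d78cd22",
    "sha512": "4a5193f489fc62ef324af1beba7a3f1a104e16aecd0e2c0b824aaada67f6aeda"
              "bcff84552011583bd0843a47154e68454c9685b4fed596125aaa4ca0fa41b518",
}
EXFIL_HOST = "srvc13.turhost.com"   # SMTP host from the extracted config
EXFIL_PORT = 587                    # submission port from the extracted config

# Assumption: the report does not say which lookup service the sample used;
# these are commonly abused ones a defender would watch.
IP_LOOKUP_HOSTS = {"checkip.dyndns.org", "api.ipify.org", "icanhazip.com", "ipinfo.io"}

# Constructed connection log for this example (not real traffic).
SAMPLE_LOG = """\
# ts,src,dst_host,dst_port,proto
2021-01-14T10:00:00,10.0.0.5,checkip.dyndns.org,80,tcp
2021-01-14T10:00:07,10.0.0.5,srvc13.turhost.com,587,tcp
2021-01-14T10:05:00,10.0.0.9,api.ipify.org,443,tcp
2021-01-14T11:30:00,10.0.0.9,srvc13.turhost.com,587,tcp
2021-01-14T12:00:00,10.0.0.7,srvc13.turhost.com,587,tcp
2021-01-14T12:01:00,10.0.0.8,api.ipify.org,443,tcp
"""


def parse_events(lines):
    """Parse the CSV-style lines into dicts, sorted by timestamp."""
    events = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, src, dst, port, proto = line.split(",")
        events.append({"ts": datetime.fromisoformat(ts), "src": src,
                       "dst": dst, "port": int(port), "proto": proto})
    return sorted(events, key=lambda e: e["ts"])


def smtp_to_exfil_host(events):
    """Low-cost rule: any source talking to the extracted SMTP host on 587."""
    return {e["src"] for e in events
            if e["dst"] == EXFIL_HOST and e["port"] == EXFIL_PORT}


def find_exfil_sequences(events, window_seconds=300):
    """Higher-confidence rule: an IP-lookup request followed, within the
    window, by SMTP submission to the exfil host from the same source.
    Returns {src: [(lookup_ts, smtp_ts), ...]}."""
    lookups = defaultdict(list)
    hits = defaultdict(list)
    window = timedelta(seconds=window_seconds)
    for e in events:                      # events are time-ordered
        if e["dst"] in IP_LOOKUP_HOSTS and e["port"] in (80, 443):
            lookups[e["src"]].append(e["ts"])
        elif e["dst"] == EXFIL_HOST and e["port"] == EXFIL_PORT:
            for lookup_ts in lookups.get(e["src"], []):
                if timedelta(0) <= e["ts"] - lookup_ts <= window:
                    hits[e["src"]].append((lookup_ts, e["ts"]))
    return dict(hits)


def digests(data):
    """All four digests the report lists, computed over a file's bytes."""
    return {name: hashlib.new(name, data).hexdigest() for name in SAMPLE_HASHES}


def matches_sample(data):
    """True if the bytes are the reported sample. Any one digest suffices,
    since all four hashes in the report describe the same file."""
    d = digests(data)
    return any(d[name] == value for name, value in SAMPLE_HASHES.items())


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG.splitlines())
    print("SMTP to exfil host:", sorted(smtp_to_exfil_host(evs)))
    print("lookup->SMTP sequences:", find_exfil_sequences(evs))
    print("matches sample:", matches_sample(b"not the sample"))
```

On the constructed log, the plain SMTP rule flags 10.0.0.5, 10.0.0.7 and 10.0.0.9, while the sequence rule flags only 10.0.0.5 (lookup and submission seven seconds apart); 10.0.0.9 falls outside the five-minute window and 10.0.0.7 never did a lookup. In practice the host/port rule is the one to alert on first, since a stolen SMTP account is a strong indicator on its own, and the sequence rule is there to raise confidence and to catch the same tradecraft if the mailbox changes.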