General

Target: c14efafec8dfc11a3b8f0bfea3721745.exe
Size: 1.5MB
Sample: 210114-vddhrjsjtj
MD5: c14efafec8dfc11a3b8f0bfea3721745
SHA1: 8a6188c42fc5bb5ff597ced40468832b71f39288
SHA256: 2776dffe03cd2d068cae82fc3f47f58f3937da40d411ce9540cec446a3606d91
SHA512: d2340565c62b7135db08caaa0a5b0b4571def0645913ea31b51ef830c31c091f034fccc4567209a3d3733d7d1ee2f3a6298a1147b268166cf6352e5a34a5d37b
Static task: static1
Behavioral task: behavioral1
Sample: c14efafec8dfc11a3b8f0bfea3721745.exe
Resource: win7v20201028
Malware Config

Extracted (matiex)
Protocol: smtp
Host: srvc13.turhost.com
Port: 587
Username: info@bilgitekdagitim.com
Password: italik2015
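The extracted configuration is the most actionable part of the report: the sample exfiltrates over SMTP to srvc13.turhost.com on port 587, authenticating as info@bilgitekdagitim.com. The Python below is an added example, not part of the sandbox report and not any Triage tooling. It parses the run-together config text exactly as the report renders it into a dict, derives network indicators from it, runs them over a few constructed log lines (not real telemetry; the "timestamp host source key=value" shape is an assumption), and checks a byte string against the report's MD5/SHA1/SHA256 so the same module can confirm a file on disk is this sample.

```python
"""IOC handling for the Matiex sandbox report above.

Added example: not part of the sandbox report and not Triage's own tooling.
The log lines at the bottom are constructed for illustration.
"""
import hashlib
import re

# Hashes copied from the report's General section.
SAMPLE_HASHES = {
    "md5": "c14efafec8dfc11a3b8f0bfea3721745",
    "sha1": "8a6188c42fc5bb5ff597ced40468832b71f39288",
    "sha256": "2776dffe03cd2d068cae82fc3f47f58f3937da40d411ce9540cec446a3606d91",
}

# The config block exactly as the report renders it: key/value pairs run
# together with " - " separators and line breaks in arbitrary places.
FLATTENED_CONFIG = """Protocol: smtp- Host:
srvc13.turhost.com - Port:
587 - Username:
info@bilgitekdagitim.com - Password:
italik2015"""


def parse_flattened_config(text):
    """Recover a dict from run-together 'Key: value - Key: value' text.

    Line breaks are collapsed first, then the string is split on a dash that
    is immediately followed by another 'Key:' marker, so a dash inside a
    value (e.g. in a hostname) is left alone. Port is converted to int.
    """
    joined = " ".join(line.strip() for line in text.splitlines())
    cfg = {}
    for part in re.split(r"\s*-\s*(?=\w+:)", joined):
        key, _, value = part.partition(":")
        cfg[key.strip().lower()] = value.strip()
    if "port" in cfg:
        cfg["port"] = int(cfg["port"])
    return cfg


def network_iocs(cfg):
    """Indicators worth hunting for in DNS, proxy and mail logs."""
    return {
        "host": cfg["host"].lower(),
        "port": cfg["port"],
        "mailbox": cfg["username"].lower(),
    }


def scan_log(lines, iocs):
    """Return [(line_no, reason)] for lines that reference the exfil
    infrastructure. Substring matching is deliberately loose: this is a
    triage pass, and a hit should be confirmed before anyone acts on it."""
    hits = []
    for n, line in enumerate(lines, 1):
        low = line.lower()
        if iocs["host"] in low:
            hits.append((n, "exfil host"))
        elif iocs["mailbox"] in low:
            hits.append((n, "exfil mailbox"))
    return hits


def hashes_of(data):
    """MD5/SHA1/SHA256 of a byte string, keyed like SAMPLE_HASHES."""
    return {name: hashlib.new(name, data).hexdigest() for name in SAMPLE_HASHES}


def matches_sample(data):
    """True only if every hash in the report matches the given bytes."""
    actual = hashes_of(data)
    return all(actual[name] == SAMPLE_HASHES[name] for name in SAMPLE_HASHES)


# Constructed log lines (assumed "timestamp host source key=value" shape).
# Lines 3-5 are what an exfil attempt from this config would look like; line 2
# stands in for the external IP lookup, whose actual service the report does
# not name, so a placeholder hostname is used.
SAMPLE_LOG = [
    "2021-01-14T10:02:10Z ws01 dns query=update.example.com type=A",
    "2021-01-14T10:02:11Z ws01 http host=ip-lookup.example method=GET",
    "2021-01-14T10:02:12Z ws01 dns query=srvc13.turhost.com type=A",
    "2021-01-14T10:02:13Z ws01 conn dst=srvc13.turhost.com:587 proto=tcp",
    "2021-01-14T10:02:14Z ws01 smtp auth_user=info@bilgitekdagitim.com",
]

if __name__ == "__main__":
    cfg = parse_flattened_config(FLATTENED_CONFIG)
    print(cfg)
    for n, why in scan_log(SAMPLE_LOG, network_iocs(cfg)):
        print(f"line {n}: {why}: {SAMPLE_LOG[n - 1]}")
```

The parser is only as good as the report layout it was written against; if a value ever contains the pattern "- Key:", the split will break it, so check the parsed dict against the rendered report before feeding the indicators into a blocklist. The mailbox is a useful secondary indicator because the exfil host is a shared hosting server that legitimate mail may also use.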
Targets

Target: c14efafec8dfc11a3b8f0bfea3721745.exe
Size: 1.5MB
MD5: c14efafec8dfc11a3b8f0bfea3721745
SHA1: 8a6188c42fc5bb5ff597ced40468832b71f39288
SHA256: 2776dffe03cd2d068cae82fc3f47f58f3937da40d411ce9540cec446a3606d91
SHA512: d2340565c62b7135db08caaa0a5b0b4571def0645913ea31b51ef830c31c091f034fccc4567209a3d3733d7d1ee2f3a6298a1147b268166cf6352e5a34a5d37b

- Matiex Main Payload
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP. The lookup itself is benign traffic, so it is useful for timeline correlation rather than as a standalone indicator.
- Suspicious use of SetThreadContext: this API rewrites the register state of a (normally suspended) thread and is characteristic of process-hollowing style injection; the report records only the call, not what the redirected thread executes.