General
Target: 6c3e151fb4ad32814621b3ad0bb7b4e5.exe
Size: 532KB
Sample: 210114-xpbarrnq8n
MD5: 6c3e151fb4ad32814621b3ad0bb7b4e5
SHA1: 943bc84680ba21d4703f502b5ef228d609936176
SHA256: d3eee1966ab239033979649c63ee94f50ed986cf62bc968bceb0f0bbd8927db6
SHA512: 2a6a7e53982391706230f036b1157839829731211ae0fd43d0b4d71287a31a72b973a42ba6f87fc495abefd79b26cd3460858f82b4827775e8621eebce6ea73c
Static task: static1
Behavioral task: behavioral1
Sample: 6c3e151fb4ad32814621b3ad0bb7b4e5.exe
Resource: win7v20201028
Malware Config
Extracted
Protocol: smtp
Host: srvc13.turhost.com
Port: 587
Username: info@bilgitekdagitim.com
Password: italik2015
Extracted
matiex
Protocol: smtp
Host: srvc13.turhost.com
Port: 587
Username: info@bilgitekdagitim.com
Password: italik2015
Targets
-
-
Target
6c3e151fb4ad32814621b3ad0bb7b4e5.exe
-
Matiex Main Payload
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-