General
Target: 068514d96a5f2b80db76843f48e150a4.exe
Size: 532KB
Sample: 210117-ba1ptyjjqe
MD5: 068514d96a5f2b80db76843f48e150a4
SHA1: 8e384eab6070bc6b98d97c90d1a6795210e73b0f
SHA256: b99dc427b778399210624abc51312720ff95e1fd9b74dcdb8cdbd50f15a98b3c
SHA512: 91e8f67a4e72228842a6411e91fa0105742599447befab77c199438a6ed68faf83527e45232c272f6dde82a000586c7cf4159060ceba601eb57b1529bec42b5a
Static task: static1
Behavioral task: behavioral1
Sample: 068514d96a5f2b80db76843f48e150a4.exe
Resource: win7v20201028
Malware Config
Extracted
Protocol: smtp
Host: srvc13.turhost.com
Port: 587
Username: info@bilgitekdagitim.com
Password: italik2015
Extracted
matiex
Targets
Target: 068514d96a5f2b80db76843f48e150a4.exe
-
Matiex Main Payload
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-