General
- Target: b1b2e4feae64fb2c5cffe6b5021dfc89.exe
- Size: 1.0MB
- Sample: 210122-jcczz8znf6
- MD5: b1b2e4feae64fb2c5cffe6b5021dfc89
- SHA1: 6136733b5990a3a68cd01221e0f3dad4a7ddeaa9
- SHA256: 4d9d6fc917cb1b46fd579b2d962af49850ce5e48b27a60a0c99e3426db649327
- SHA512: b063746dd37440d2afe1897139066cb311d60951e13ab9c0b46c862c9fe99143d0d9dc58ce24d639cd6068a71a62a5a34fe60a8107214aae3f466bb1087f3523
Static task: static1
Behavioral task: behavioral1
- Sample: b1b2e4feae64fb2c5cffe6b5021dfc89.exe
- Resource: win7v20201028
Malware Config
Extracted
- Protocol: smtp
- Host: srvc13.turhost.com
- Port: 587
- Username: info@bilgitekdagitim.com
- Password: italik2015
Extracted: matiex
- Protocol: smtp
- Host: srvc13.turhost.com
- Port: 587
- Username: info@bilgitekdagitim.com
- Password: italik2015
Targets
- Target: b1b2e4feae64fb2c5cffe6b5021dfc89.exe
- Size: 1.0MB
- MD5: b1b2e4feae64fb2c5cffe6b5021dfc89
- SHA1: 6136733b5990a3a68cd01221e0f3dad4a7ddeaa9
- SHA256: 4d9d6fc917cb1b46fd579b2d962af49850ce5e48b27a60a0c99e3426db649327
- SHA512: b063746dd37440d2afe1897139066cb311d60951e13ab9c0b46c862c9fe99143d0d9dc58ce24d639cd6068a71a62a5a34fe60a8107214aae3f466bb1087f3523

Signatures
- Matiex Main Payload
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext