General
-
Target
7f1949b61c8727e782c3f2cb7aafe7b062e92dc6dca20dab8a0cf03ea6cbeca7
-
Size
424KB
-
Sample
220521-n6hhesefh3
-
MD5
1095828301dd1c188aa266ce3915d7a5
-
SHA1
380da0f31a5981b5155597e409820080d09aa2a4
-
SHA256
7f1949b61c8727e782c3f2cb7aafe7b062e92dc6dca20dab8a0cf03ea6cbeca7
-
SHA512
6de0c6d8d498cf41a1009d4676b1ab8c89d7fd7d4e0e48ef96e314a3ccdee6b24fc2ad4847325c90f2cb6f4029da47b58dd3c838c6f1898a324f9a82f6a42851
Static task
static1
Behavioral task
behavioral1
Sample
T.HALK BANKASI A.S...17.08.2020 Hesap Ekstresi.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
T.HALK BANKASI A.S...17.08.2020 Hesap Ekstresi.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
matiex
Protocol: smtp
Host: srvc13.turhost.com
Port: 587
Username: info@bilgitekdagitim.com
Password: italik2015
Targets
-
Target
T.HALK BANKASI A.S...17.08.2020 Hesap Ekstresi.exe
-
Size
468KB
-
MD5
3f20d10fe2e1bc476bf1b6d4465e71eb
-
SHA1
3f8dbcd0831ec76afd558b280054f23886fb4c7f
-
SHA256
3f7f872fea7066d980a443d82e9ec8c3c97fddd2f658b24919589bbdf4de1bcc
-
SHA512
f8f29a16dffb0766678b26859f62bc595814660889a650dc330c40969bab7eda90b7934a96260c42891341671b89537f20321b4980dd0f97c413f2b9c8cad7cf
Score
10/10
-
Matiex Main Payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext