General
-
Target
Ziraat Bankasi Swift Mesaji.exe
-
Size
691KB
-
Sample
220611-ppgegaecep
-
MD5
82e5f8445f104069e52ac321d6deb453
-
SHA1
ea88106784cdd3de5f936242760c04a00ff90760
-
SHA256
b38804166eadbfa83edfbbb26115a35bc284af64a8e3429c3011a13965fdcbf2
-
SHA512
7495a30e490294124cb8adb58ca27cba56d4fd9b9289d8717cb59e3c51827844908c03c9c17fd82d7a4cfea530c7b21419bc5811fe299cb82f986ee7a1902338
Static task
static1
Behavioral task
behavioral1
Sample
Ziraat Bankasi Swift Mesaji.exe
Resource
win7-20220414-en
Malware Config
Extracted
formbook
4.1
pr28
warehouseufohighbay.com
kingasia77.xyz
americanoutfittes.com
jemodaevangica.com
holigantv82.com
creamkidslife.com
skillzplanetoutreach.com
goldencityofficial.com
choiceaccessorise.com
kdgkzy.com
patra.tech
chicaglo.com
9491countyroad106.com
theultracleanser.com
lesmacarons.biz
kfaluminum.com
institutodiversidade.com
woodanqnmz.store
teslabuyerusa.com
cityofbastop.com
firegillibrand.com
npsyu5n-periv.com
nflstreams.pro
resuelve-deuda-latam-pro.com
281564.com
ezeehookz.com
rvestdewseherore.xyz
modderplaten.com
getdapp.xyz
tutsempire.com
scientiaimaging.com
cryptoriver-island.xyz
occidentalinn.net
decouvredesproduits.com
queensize.xyz
ipandu.net
yingxinyiyuan.com
suddeniink.com
guestwin.com
curahintstudio.xyz
5g00au.com
ncfirerestoration.com
diabeticlifeinsurancequotes.com
sex-intim-kropivnickiy.online
metashae.com
flora-kana.com
productsamerica.store
buliangdh90.xyz
georgiatourz.com
coveredbyaaa.com
wirethreepebble.com
jeffreygraper.com
temerecesunjamon.com
trynica.com
nubehost365.com
phulieumaytanbinh.com
bluprintthebrand.com
mitchellcafeteresa.com
longtorsoswimwear.com
savannahfengshui.com
0zc8l0.xyz
eby6.com
kantinuai.com
4kph.com
knottynikkibaby.com
Targets
-
-
Target
Ziraat Bankasi Swift Mesaji.exe
-
Size
691KB
-
MD5
82e5f8445f104069e52ac321d6deb453
-
SHA1
ea88106784cdd3de5f936242760c04a00ff90760
-
SHA256
b38804166eadbfa83edfbbb26115a35bc284af64a8e3429c3011a13965fdcbf2
-
SHA512
7495a30e490294124cb8adb58ca27cba56d4fd9b9289d8717cb59e3c51827844908c03c9c17fd82d7a4cfea530c7b21419bc5811fe299cb82f986ee7a1902338
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Formbook Payload
-
Deletes itself
-
Suspicious use of SetThreadContext
-