General
-
Target
Ziraat Bankasi Swift Mesaji.exe
-
Size
690KB
-
Sample
220611-pphyasaeg4
-
MD5
ad8c1fb6847c90cec8545d5a1d12e098
-
SHA1
75587c6e26bb845a03b2c17526f85561e2664c10
-
SHA256
32b7d0b30638db08927b43bb633cb29da62ab634c34de42ff582841191c31839
-
SHA512
8b867ca4f8d538aef19b2707195aa0b6e83bb42b54ab035d00e52bdb6881e378a55580431b38ea60d5e87462656b2662bab56e42e2b22dd2a15a33f15d18152d
Static task
static1
Behavioral task
behavioral1
Sample
Ziraat Bankasi Swift Mesaji.exe
Resource
win7-20220414-en
Malware Config
Extracted
formbook
4.1
pr28
warehouseufohighbay.com
kingasia77.xyz
americanoutfittes.com
jemodaevangica.com
holigantv82.com
creamkidslife.com
skillzplanetoutreach.com
goldencityofficial.com
choiceaccessorise.com
kdgkzy.com
patra.tech
chicaglo.com
9491countyroad106.com
theultracleanser.com
lesmacarons.biz
kfaluminum.com
institutodiversidade.com
woodanqnmz.store
teslabuyerusa.com
cityofbastop.com
firegillibrand.com
npsyu5n-periv.com
nflstreams.pro
resuelve-deuda-latam-pro.com
281564.com
ezeehookz.com
rvestdewseherore.xyz
modderplaten.com
getdapp.xyz
tutsempire.com
scientiaimaging.com
cryptoriver-island.xyz
occidentalinn.net
decouvredesproduits.com
queensize.xyz
ipandu.net
yingxinyiyuan.com
suddeniink.com
guestwin.com
curahintstudio.xyz
5g00au.com
ncfirerestoration.com
diabeticlifeinsurancequotes.com
sex-intim-kropivnickiy.online
metashae.com
flora-kana.com
productsamerica.store
buliangdh90.xyz
georgiatourz.com
coveredbyaaa.com
wirethreepebble.com
jeffreygraper.com
temerecesunjamon.com
trynica.com
nubehost365.com
phulieumaytanbinh.com
bluprintthebrand.com
mitchellcafeteresa.com
longtorsoswimwear.com
savannahfengshui.com
0zc8l0.xyz
eby6.com
kantinuai.com
4kph.com
knottynikkibaby.com
Targets
-
-
Target
Ziraat Bankasi Swift Mesaji.exe
-
Size
690KB
-
MD5
ad8c1fb6847c90cec8545d5a1d12e098
-
SHA1
75587c6e26bb845a03b2c17526f85561e2664c10
-
SHA256
32b7d0b30638db08927b43bb633cb29da62ab634c34de42ff582841191c31839
-
SHA512
8b867ca4f8d538aef19b2707195aa0b6e83bb42b54ab035d00e52bdb6881e378a55580431b38ea60d5e87462656b2662bab56e42e2b22dd2a15a33f15d18152d
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Formbook Payload
-
Deletes itself
-
Suspicious use of SetThreadContext
-