General
Target: Ziraat Bankasi Swift Mesaji.exe
Size: 457KB
Sample: 220613-hcbvwsecak
MD5: bfd5416efae1ecc1517f4b286c30b655
SHA1: 6debd272160fe05b0c3397f612f1c8e7d005f376
SHA256: 7f64aa4801b0cbae5fdda52ae4fe848ef03650a4dec91b4f4d5131a0def6b464
SHA512: 4e29a8d547abaed04837a4e02a0b47b5b8d1a8fc435eadcb8115b5b4d3464c5239aef5a25becfb995a0f3da2536bce798bcf944d422a7211d2aef3725e8ff7c4
Static task: static1
Behavioral task: behavioral1
Sample: Ziraat Bankasi Swift Mesaji.exe
Resource: win7-20220414-en
Malware Config
Extracted: formbook
Version: 4.1
Campaign: pr28
Targets
Target: Ziraat Bankasi Swift Mesaji.exe
suricata: ET MALWARE FormBook CnC Checkin (GET)
Formbook Payload
Deletes itself
Suspicious use of SetThreadContext