General

Target: Ziraat Bankasi Swift Mesaji.exe
Size: 515KB
Sample: 220706-teg1gagfg5
MD5: 10fa9d1cf17c0182373f342fbed0bd8d
SHA1: 0f248be8143358714b8775174fd91309ce21c96d
SHA256: 1309ca7e7b81db3bea317c139fddf9124c47c3fc4b4113b44fe56af16dc39a88
SHA512: 4f0339f58b7fdeae72359c22fc4a8105791ce5dc5c5ded36ad0a04893fe46480d2e8b42ef27efb352c9f473626c79fc5c587e82376209b970d295914444f14e2
Static task: static1
Behavioral task: behavioral1
Sample: Ziraat Bankasi Swift Mesaji.exe
Resource: win7-20220414-en
Malware Config

Extracted
Family: formbook
Version: 4.1
Campaign: kn30
Domains:
edeniabenz.com
laurenjsettles.com
schwyzerland.com
hdrslh.com
talleresmasabrazos.com
wesdop.xyz
xn--abcj-doab.net
visioresearch.net
vostextes.com
santoriniconciergethira.com
seektrainings.com
dogsocats.com
munjanichemical.com
sapnemekyadekha.online
hiartwork.com
remarquehomebuilders.com
huilege.com
pjslot.net
greatsolutionwebsite.xyz
graciousclothingstore.com
perthpropertyinvestment.com
9haojie.com
senior-living-25058.com
harrytucker.site
funsplay.online
avondhutraining.com
gohostio.com
calljanes.com
xinhao68.com
misac-eg.com
woodlyparkguesthouse.com
regeneraterealty.com
amailtuostilepf.com
welcometosanya.com
angie-buys-houses.com
snackmurah.xyz
persianads.xyz
bmwpanorama.online
sportsfingroup.com
texomabrew.com
electricscar.com
alanadim.net
southerndesertmedical.net
l-film.com
sitesforseekingmillionaire.com
troyandjillnehlsadopt.net
alexmera.net
goodsamravelassist.com
theboonspa.com
thestrangeryoulove.com
vinylsparrow.com
monstereg.com
kumkanifishing.com
vetbul.online
bjyqcm.com
thelalondegroup.com
ufthgt.press
jullianben.com
mediterraneangrocerymemphis.com
mightymattressfl.com
quantumclick.media
amyteslin-staging2.com
insumosvmv.com
vcsvc.com
microvitaautism.com
Targets

Target: Ziraat Bankasi Swift Mesaji.exe
Size: 515KB
MD5: 10fa9d1cf17c0182373f342fbed0bd8d
SHA1: 0f248be8143358714b8775174fd91309ce21c96d
SHA256: 1309ca7e7b81db3bea317c139fddf9124c47c3fc4b4113b44fe56af16dc39a88
SHA512: 4f0339f58b7fdeae72359c22fc4a8105791ce5dc5c5ded36ad0a04893fe46480d2e8b42ef27efb352c9f473626c79fc5c587e82376209b970d295914444f14e2

Signatures
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
Formbook Payload
Deletes itself
Suspicious use of SetThreadContext