General
Target: Ziraat Bankasi Swift Mesaji.exe
Size: 605KB
Sample: 220725-k7ydgsbggr
MD5: 3951678c7d514392e736a3f42a3bf422
SHA1: 69a7646f8abc926da7f476e87b0d47f07b15344f
SHA256: 7cb158ee1638efc7f9d163b16a0ef549eb28c741d5cdd0c348a23e246fd5fbdf
SHA512: b8c102bbd6f6ed3233f59af809087c086a1604d2c97ae7978d431b2d52dfb1f13230a2b9ec76051c32be1db40eb960ba5be997df1953baba9d5b4caae2c69e44
Static task: static1
Behavioral task: behavioral1
Sample: Ziraat Bankasi Swift Mesaji.exe
Resource: win7-20220718-en
Malware Config
Extracted
formbook
4.1
bt62
Targets
Target: Ziraat Bankasi Swift Mesaji.exe (same file and hashes as listed under General)
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- Formbook payload
- Deletes itself
- Suspicious use of SetThreadContext