General

  • Target

    ZiraatBankasi-SwiftMesaji20221123.exe

  • Size

    1.1MB

  • Sample

    221123-jzeqqsgc59

  • MD5

    0f46ecb9b5ea6f5fcbaf7056c316259c

  • SHA1

    bc171b3c828566a705e82dce3a96f78e836c2dd1

  • SHA256

    8a530805d14a1d39f4016d711091acc26f7404a1dca050407f6d6ba4eeaef0f5

  • SHA512

    8fdde0979eb61549793725bb95455291a32ef7b674af43602239e697886941d4189d35ceb9b70b5e440b4f480fa8e333dbb960b4b7f586061697296d14a73bb4

  • SSDEEP

    24576:8sGpbZ7QlqRYYlQ6SdVqeK0kUBwUaFkwWR+UBqdOp:iNJtRMnV0UcywWR+UBqdO

Malware Config

Extracted

Family

formbook

Campaign

go5o

Decoy

Targets

    • Target

      ZiraatBankasi-SwiftMesaji20221123.exe

    • Formbook

      Formbook is a data-stealing malware family.

    • Suspicious use of SetThreadContext
