General
-
Target
Ziraat Bankasi Swift Mesaji20221129-34221.exe
-
Size
719KB
-
Sample
221129-h4c72abd5w
-
MD5
6a0ff43510923c27b144bf86b5e0a867
-
SHA1
880c264f12ea2175a81f7030dec9c7043093253f
-
SHA256
52426e75e25f69d9d7a8121464fe16a213ab48519ae10b2e2fc028ce86794a8b
-
SHA512
18f0247de11b5d3a7139f8c577560a2987fa706ed0b1eb8f08b01384d320508edbce31ceab050a82a09a97b8892680b3cab3e878bac4a1e7bfaa797ac8595c60
-
SSDEEP
12288:vX1wDXZCg8FEJLIJWyBgFuPDhd55slqVvsH4B4oks60PoSpK:vFwJpVIJxBnTzsOBI0Poo
Static task
static1
Behavioral task
behavioral1
Sample
Ziraat Bankasi Swift Mesaji20221129-34221.exe
Resource
win7-20220812-en
Malware Config
Extracted
formbook
qmpa
IEiN8oqOnNUEkfZd
LWyAr1P5PHPV
tMGP9gYCIc9DKQ==
fWi2stCh2E3DBWuEK612
B3LCCi2JvPxfNA==
NjLnNjX+DDWt/VuEK612
AvK5/JdMDLztPRg=
U+zn2FswDLztPRg=
3bRIXGwsIc9DKQ==
EXmAoj3/7Cyl+VuEK612
1gkKPklP1odxx7c/Zm+L6HeV4g==
1cMaHDg0ypV0vbT2Ibh+/5Cj5xmAVxA=
MSyBdIV+6nFRloTQAwmFklQ=
qilszGJvhMUsHgaUx/MNSKuo6A==
WYKLwmYEij4q2Hy6sOc=
sjII/IyFmORBFPJ2dVjpG0Q=
mTjzaRwZ9OsEkfZd
iL27vFhbX5ECbBIJxvJKbPHFf9M=
5A5Xr0D5PHPV
IpxsaTO4a1/I
O0akl/OtJu4=
W/Uo1VYpCLztPRg=
TxppXmMgUNC7BQOgzfIMSKuo6A==
R9Qsn1NYXIn0L9fTueU=
O5nTCTAIUYiqFQU=
qUA5LcysmdcEkfZd
jzY2a8iJvPxfNA==
G3Sjzt+b4lfVJo/AOp24sw==
pXEEKkfNMVnK
S6Cz2nc10oNrsJ0P+fA6jH48paMTEw==
sIDiCIeUrOAEkfZd
wKQkm/9lVVnI
uiIfKsOIQjwn8J2V5J1r
zHF4c+ypQ7ztPRg=
KwzbHrpTv3laKtfTueU=
k6JZiCC1KtFSIwiZk47UDt64Yss=
2fLFESoxpllKl5KxYXiW9toW+3DhXwE=
7VAnHMvgw84gTPYPyw==
ArIxekAPMmnRInupMqXfEUA=
ASdaAujYAQRRPg==
4h0THru60PsqyyGCBax+
6Ko6ZoljwEKxwljcDEOZuw==
gjO1ys5bRoj94slTOp24sw==
x4IVLlJKz4x/ybAzVoWSTt64Yss=
ilPsNVL6IaVE0bkfc+w=
wCKB0/SQg704jfUv3/wSSKuo6A==
+eR0tEZJMepVMA==
U42K55D5PHPV
goRIp7OCvDSpg20JCAE/rGT6/w==
2SoyM+br3hJySS1aDQoQZXe784VlUAU=
4LE7N1ZjxDsdfXYAGAzoUV0=
Z9D0XXcxIc9DKQ==
50BLU/bJfGFWsqJD76Yrr3H8
bHozX/y2emhZnX/3FxMQSKuo6A==
ETn+luu5Ugm4IkmeMBDfTcUDByHHFQ==
DWeErEUN29PLqCBSde+C6Z21HgbBWAkLRA==
ervK+g4HIc9DKQ==
/eaqAhTqH4X/5bEhHgzoUV0=
JUtMz3n5PHPV
LT8KV/+eGcivBfE8HwzoUV0=
/xyfrdbaaSMUdmW3/qcrr3H8
ZgQYKcKUKOPQtBidD5krr3H8
Qcd6yWA3xM1ftS1xI/t/BPCeS8M=
nmDfwNfXAQRRPg==
erwgcb.top
Targets
-
-
Target
Ziraat Bankasi Swift Mesaji20221129-34221.exe
-
Size
719KB
-
MD5
6a0ff43510923c27b144bf86b5e0a867
-
SHA1
880c264f12ea2175a81f7030dec9c7043093253f
-
SHA256
52426e75e25f69d9d7a8121464fe16a213ab48519ae10b2e2fc028ce86794a8b
-
SHA512
18f0247de11b5d3a7139f8c577560a2987fa706ed0b1eb8f08b01384d320508edbce31ceab050a82a09a97b8892680b3cab3e878bac4a1e7bfaa797ac8595c60
-
SSDEEP
12288:vX1wDXZCg8FEJLIJWyBgFuPDhd55slqVvsH4B4oks60PoSpK:vFwJpVIJxBnTzsOBI0Poo
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-