General
-
Target
ZiraatBankasi_SwiftMesaji20221129.exe
-
Size
720KB
-
Sample
221129-h4cw9sbd5v
-
MD5
850de91289a8d49117ff7b3e28551909
-
SHA1
83f99c1b73c61434768b0a87aec7eb9d0c3a48d0
-
SHA256
a7537f2ef1d10ef549145bd8ce586f1cce82ed841eda60b991b01137bd558bab
-
SHA512
94526ca78e830c53ec08edac0a1831587a6b7d0f6dff0e81294ea174a878a03270d24f0a5197e73134588a6cef6a554d5f7f064d9a242246fd7be31f99149bf4
-
SSDEEP
12288:/VShRpl3UrNYkFw1S72plNchQ4Vu1AnSq59gEolo0HzeoVCNQuw7rG2Ut8Oe:dSh3l3+NC7qZVCWo+0CosNJcUtXe
Malware Config
Extracted
formbook
go5o
fS9ce6bj/U7J6Q==
KPSUZUVU42J3IaXPjqsA
cDR9Sz1n2BN9eTutNa2QNg==
POJskuyBUqUdVp2wiI8=
t9gcQ5yNydIfrO4=
9oakDnoh0VXC
o2Z9n/2iYtDFcJ2wiI8=
GLBJZsgVkt3eXZragNJjYiGQ
axuNlck5BkA8plrI
khk2/+G5g43K
Fauoa7FQG6EN2QyITg==
fgaVrOb4mLl1KGNUX6jkXCU=
HQkML53cm6Ae+zIhRg==
TBodPq4E4AJylpZiNa2QNg==
wHghSq49EVU54E8mChOvRi5W3cn3ItLVVw==
rET2JY8u+TgVpzRtRF54Kw==
b0mCXc5pcXHZ9A==
QfuIoOgHl9IfrO4=
87fV+WQT5IKlSnTqmb6SbSMctA==
E+Yg8EqQKJi9XJKVqrA2i9TO78H53I97
Targets
-
-
Target
ZiraatBankasi_SwiftMesaji20221129.exe
-
Size
720KB
-
MD5
850de91289a8d49117ff7b3e28551909
-
SHA1
83f99c1b73c61434768b0a87aec7eb9d0c3a48d0
-
SHA256
a7537f2ef1d10ef549145bd8ce586f1cce82ed841eda60b991b01137bd558bab
-
SHA512
94526ca78e830c53ec08edac0a1831587a6b7d0f6dff0e81294ea174a878a03270d24f0a5197e73134588a6cef6a554d5f7f064d9a242246fd7be31f99149bf4
-
SSDEEP
12288:/VShRpl3UrNYkFw1S72plNchQ4Vu1AnSq59gEolo0HzeoVCNQuw7rG2Ut8Oe:dSh3l3+NC7qZVCWo+0CosNJcUtXe
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Suspicious use of SetThreadContext
-