General
-
Target
Ziraat-bankasi=SwiftMessaji00020122022.exe
-
Size
301KB
-
Sample
221220-va4jcaad42
-
MD5
676d36bb18f79c1b4903d8e4b14dddac
-
SHA1
6bbd751906857d096b672a61319ab6fb397f9cd3
-
SHA256
d853db31296f437556031f9bcf77cfe572aef7b9c394f10e415242c92c1c36ce
-
SHA512
33a43134e1d64efb6c911f5d2368f08357f9d2704b275b97f7befeb946a36775bd1483ebb3acdef1875f29a30aaddf21197232dd2004fc2e13b64e20ce3e4b4d
-
SSDEEP
6144:Qd7g3zbURBA0yxUUJuwpeN0hN/3CvEdamnjOQrafeWJlIjCjFbuLI:Qd7gsaOUFjlCeamPrafNntdsI
Malware Config
Extracted
formbook
4u5a
Y9HWoINcPu0r7SSSKt4FCmk7
G/E64auYdhRQM4wZW2bcOaY=
bL57APty/StRpW49a+EdxA==
TppryJ0SoslHe8gJFVc=
HXxDShYIEcUJDahdv2nvl5Hlbp4=
EKaq5c6w0nV3WWlEqM4Www==
VM+YjE8XS1OLcH1roYF4zA==
OwK0wxmBGnq2Fg==
B1zy4bulyfY9tj9DK2eIkeYArpTt
Avj5JeA8m9girqfQ4+cZxA==
AOY4dmDFkCdX8HUJMw==
5cQUw3pPMYr07V8=
P7ZsN4/zt63AEw==
FYyVCOpB8Vl//kSkDLPo91Yy
jxwZTBp+5gcsccPxDF+K4bDG2Rpp0A==
iGx9AO58DRhZbXX9
prwVyLkAtlhSU6irmansg8wArpTt
uqa8ZPl+FFObOkdFNg==
tL4OhF22EDaEOkdFNg==
6exH76Z9o7eu/n86vgPE
Targets
-
-
Target
Ziraat-bankasi=SwiftMessaji00020122022.exe
-
Size
301KB
-
MD5
676d36bb18f79c1b4903d8e4b14dddac
-
SHA1
6bbd751906857d096b672a61319ab6fb397f9cd3
-
SHA256
d853db31296f437556031f9bcf77cfe572aef7b9c394f10e415242c92c1c36ce
-
SHA512
33a43134e1d64efb6c911f5d2368f08357f9d2704b275b97f7befeb946a36775bd1483ebb3acdef1875f29a30aaddf21197232dd2004fc2e13b64e20ce3e4b4d
-
SSDEEP
6144:Qd7g3zbURBA0yxUUJuwpeN0hN/3CvEdamnjOQrafeWJlIjCjFbuLI:Qd7gsaOUFjlCeamPrafNntdsI
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-