General
-
Target
Ziraat-bankasi=SwiftMessaji00020122022.exe
-
Size
301KB
-
Sample
221220-va4jcaad42
-
MD5
676d36bb18f79c1b4903d8e4b14dddac
-
SHA1
6bbd751906857d096b672a61319ab6fb397f9cd3
-
SHA256
d853db31296f437556031f9bcf77cfe572aef7b9c394f10e415242c92c1c36ce
-
SHA512
33a43134e1d64efb6c911f5d2368f08357f9d2704b275b97f7befeb946a36775bd1483ebb3acdef1875f29a30aaddf21197232dd2004fc2e13b64e20ce3e4b4d
-
SSDEEP
6144:Qd7g3zbURBA0yxUUJuwpeN0hN/3CvEdamnjOQrafeWJlIjCjFbuLI:Qd7gsaOUFjlCeamPrafNntdsI
Static task
static1
Behavioral task
behavioral1
Sample
Ziraat-bankasi=SwiftMessaji00020122022.exe
Resource
win7-20220812-en
Malware Config
Extracted
formbook
4u5a
needook.com
Targets
-
-
Target
Ziraat-bankasi=SwiftMessaji00020122022.exe
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-