General
Target: Ziraat Bankasi Swift Mesaji_pdf.exe
Size: 367KB
Sample: 230417-pp2qeaeb83
MD5: b202fbf7da253a4eb12808791ad0a4c5
SHA1: 04577bf9f9a526612533547eac8538eae371af2d
SHA256: cd24796ce83ec93f4e5e116d5402986cca52840cf878f7cdedc63f865734d409
SHA512: cb738d3c8b1a96ef652c1d3e6d0dad01ec174b5f5f772dff8ac522d92a0d91456ce8a7de6cf1846b6ecfbe73cbf56dfe5115daee591af6767127509a8229cb9c
SSDEEP: 6144:wT5Uzm/ONiIvlIxyOPZ06YUOHB/ZXIsy9/l/uzYf5CW1CQ64B6GuWhWJJgRPGCWp:wT5j6l4C6YlHcsy9NH5CaC98JujJgRPM
Static task: static1
Behavioral task: behavioral1
Sample: Ziraat Bankasi Swift Mesaji_pdf.exe
Resource: win7-20230220-en
Malware Config
Extracted
formbook
4.1
be83
Targets
- Formbook payload
- Checks QEMU agent file: checks presence of QEMU agent, possibly to detect virtualization.
- Loads dropped DLL
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext