Ziraat Bankasi Swift Mesaji20221129-34221.exe

Status: finished
Submission Time: 2022-11-29 10:15:34 +01:00
Malicious
Trojan
Spyware
Evader
FormBook

Details

  • Analysis ID:
    755920
  • API (Web) ID:
    1123196
  • Analysis Started:
    2022-11-29 10:15:36 +01:00
  • Analysis Finished:
    2022-11-29 10:25:33 +01:00
  • MD5:
    6a0ff43510923c27b144bf86b5e0a867
  • SHA1:
    880c264f12ea2175a81f7030dec9c7043093253f
  • SHA256:
    52426e75e25f69d9d7a8121464fe16a213ab48519ae10b2e2fc028ce86794a8b

malicious

System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211

malicious
100/100

malicious
31/70

malicious
16/41

malicious

IPs

IP               Country         Detection
103.11.189.189   Singapore
141.136.43.229   Lithuania
38.239.92.131    United States

Domains

Name                        IP               Detection
www.oaksinstitute.net       103.11.189.189
notarpucarhr.com            141.136.43.229
www.multimediapages.com     38.239.92.131
www.thetrendsinfo.com       0.0.0.0
www.notarpucarhr.com        0.0.0.0
thetrendsinfo.com           68.66.216.12

URLs


Dropped files

Name: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Ziraat Bankasi Swift Mesaji20221129-34221.exe.log
File Type: ASCII text, with CRLF line terminators

Name: C:\Users\user\AppData\Local\Temp\q3W1-4699
File Type: SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 3, database pages 45, cookie 0x3d, schema 4, UTF-8, version-valid-for 3