Ziraat Bankasi Swift Mesaji20221129-34221.exe

Status: finished

Submission Time: 2022-11-29 10:15:34 +01:00

Malicious

Trojan

Spyware

Evader

FormBook

Comments

Details

Analysis ID:
755920
API (Web) ID:
1123196
Analysis Started:

2022-11-29 10:15:36 +01:00
Analysis Finished:

2022-11-29 10:25:33 +01:00
MD5:
6a0ff43510923c27b144bf86b5e0a867
SHA1:
880c264f12ea2175a81f7030dec9c7043093253f
SHA256:
52426e75e25f69d9d7a8121464fe16a213ab48519ae10b2e2fc028ce86794a8b
Technologies:

Engines
IOCs

Full Report	Management Report	IOC Report	Engine	Info	Verdict	Score	Reports

				System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211		100/100
						31/70
						16/41

IPs

IP	Country	Detection
103.11.189.189	Singapore
141.136.43.229	Lithuania
38.239.92.131	United States

Domains

Name	IP	Detection
www.oaksinstitute.net	103.11.189.189
notarpucarhr.com	141.136.43.229
www.multimediapages.com	38.239.92.131
Click to see the 3 hidden entries
www.thetrendsinfo.com	0.0.0.0
www.notarpucarhr.com	0.0.0.0
thetrendsinfo.com	68.66.216.12

URLs

Name	Detection
http://www.oaksinstitute.net/qmpa/?mRh4lr=5Yvs1mt+8koK04wDmvle7hFJkaWhy6okw1CCpgEhtGW9Nwizn2cFt5qaMIq71RWOXG0+Z4ku5zJzPR6AZImqbF2d7jI61SlZkw==&VrWd=-Z5PLbzhUhYhR8K
http://www.multimediapages.com/qmpa/?mRh4lr=rejTwVtqfB30O9nwV+ATTccd4/r3ZShDvm2ExT48d5W41t5gt2xe96xDcyDktEvrNydQ6GKmhPSZbQq/61ftArfg9GGH4Fupqg==&VrWd=-Z5PLbzhUhYhR8K
http://www.multimediapages.com/qmpa/
Click to see the 97 hidden entries
http://www.notarpucarhr.com/qmpa/?mRh4lr=EgIWtG18ZIzAqtaO1OmvkFLdPjhKt8Mp7J5Y1fxWkEB6Q9kPLkR881s923Q+G4W9S+aNob6MQv0YuDJ73ehw8miGBWwdljwfXw==&VrWd=-Z5PLbzhUhYhR8K
http://www.oaksinstitute.net/qmpa/
www.erwgcb.top/qmpa/
http://www.carterandcone.comits
http://www.fontbureau.comueedl
http://www.sakkal.com
http://www.fonts.comcom
http://www.carterandcone.comsign
http://www.sandoll.co.kr
http://www.fonts.com
http://www.jiyu-kobo.co.jp/jp/l
http://www.carterandcone.comGr
http://www.galapagosdesign.com/staff/dennis.htmtr-tr
http://www.goodfont.co.kr
http://www.sajatypeworks.comU
http://www.carterandcone.com8I
http://www.carterandcone.comily
http://fontfabrik.com
http://www.sajatypeworks.comers0J
http://www.galapagosdesign.com/staff/dennis.htm
http://www.typography.netD
http://www.carterandcone.comsigW
http://www.carterandcone.com
http://www.tiro.com
http://www.fontbureau.com/designers/cabarga.htmlN
http://www.fontbureau.com/designers8
http://www.zhongyicts.com.cno.
http://www.sakkal.comP1
http://www.galapagosdesign.com/:
http://www.jiyu-kobo.co.jp/
http://www.fontbureau.comm
http://www.fontbureau.com/designers%
http://www.monotype.
http://www.fontbureau.com/designers/cabarga.html
http://www.fontbureau.comdP
http://www.founder.com.cn/cn
http://www.fontbureau.com/designersiv
https://search.yahoo.com?fr=crmas_sfp
https://ac.ecosia.org/autocomplete?q=
http://www.jiyu-kobo.co.jp/jp/
http://www.fontbureau.comL.TTF
https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search
http://www.carterandcone.comfac
http://www.carterandcone.comitse
https://www.google.com/images/branding/product/ico/googleg_lodp.ico
http://www.fontbureau.comF
http://www.fontbureau.com
http://www.apache.org/licenses/LICENSE-2.0
http://www.jiyu-kobo.co.jp/0
http://www.sajatypeworks.comegr
http://www.jiyu-kobo.co.jp/S
http://www.carterandcone.compe
http://www.galapagosdesign.com/
http://www.fontbureau.comicu
http://www.jiyu-kobo.co.jp/ry
http://www.jiyu-kobo.co.jp/Y
http://www.zhongyicts.com.cn
http://www.jiyu-kobo.co.jp/$
http://www.urwpp.deDPlease
http://www.jiyu-kobo.co.jp/Y0
http://www.galapagosdesign.com/DPlease
http://www.jiyu-kobo.co.jp/P
http://www.founder.com.cn/cn/cThe
http://www.sajatypeworks.com
http://www.fontbureau.coml1
http://www.carterandcone.comhy/
http://www.carterandcone.comFH
http://www.fontbureau.commsedY
http://www.fontbureau.com/designers
http://www.carterandcone.com69
http://www.vodien.com/singapore-email-hosting.php
https://duckduckgo.com/ac/?q=
https://duckduckgo.com/chrome_newtab
http://www.fontbureau.comalicg
http://www.fontbureau.com/designersW
https://search.yahoo.com?fr=crmas_sfpf
http://www.fontbureau.com/designers?
http://www.founder.com.cn/cn/bThe
http://www.fontbureau.com/designers/?
http://www.carterandcone.comre
http://www.fontbureau.com/designersG
http://www.sajatypeworks.comegrjJH
http://www.fontbureau.com/designersH
http://www.fontbureau.coma$
http://www.founder.com.cn/cntsP=tx
http://www.vodien.com/
http://www.jiyu-kobo.co.jp/l
http://www.zhongyicts.com.cno.z
http://www.zhongyicts.com.cnV
http://www.fontbureau.com/designers/frere-user.html
http://www.jiyu-kobo.co.jp/x
http://www.founder.com.cn/cntsP=
http://www.carterandcone.coml-B(
http://www.carterandcone.coml
https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas_sfp&command=
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
http://www.jiyu-kobo.co.jp/Y0P

Dropped files

Name	File Type	Hashes	Detection
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Ziraat Bankasi Swift Mesaji20221129-34221.exe.log	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\q3W1-4699	SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 3, database pages 45, cookie 0x3d, schema 4, UTF-8, version-valid-for 3	#

Ziraat Bankasi Swift Mesaji20221129-34221.exe

Comments

Tags

Available tags:

Details

IPs

Domains

URLs

Dropped files

Ziraat Bankasi Swift Mesaji20221129-34221.exe Options

Comments

Tags

Available tags:

Details

IPs

Domains

URLs

Dropped files

Search started

Yara Super Rule creation started

Ziraat Bankasi Swift Mesaji20221129-34221.exe