General

Target: ZiraatTRK65757.r19
Size: 258KB
Sample: 210405-h75tx6tllj
MD5: 5b25e6d3f01f0fd0cca0aa1bc070ccb8
SHA1: fd50c637271cefeca0a638fdd542cd43dd423253
SHA256: 089f6d81466e46e1ddd24e5c318a1515179a08917b9dae0609a4246caa582f2a
SHA512: 367cf802a86350a52a412c73d8caf42832f857c2df0c2b955fa5a05fcddff780029467d8b7480e4cce4e34b3edad2922ae2a973d264f7cf73016e1c8f0b495df

Static task: static1
Behavioral task: behavioral1
Sample: ZiraatTRK65757.exe
Resource: win7v20201028

Malware Config

Extracted: azorult
http://lexusbiscuit.com/OiuBn/index.php

Targets

Target: ZiraatTRK65757.exe
Size: 376KB
MD5: bc616570090677f76b2dae8b3674f0a1
SHA1: a6372f565cf59724840400bb7e52636f69cc65a5
SHA256: 92c08df7ebe01c1fc5509841a14b63e6a552b63f545282ccfa844a970ad7ee68
SHA512: 8c34f4b49f96919d8f2aa4b0f1796978f48c8cb4ef0d73994bed3e71b17df7cac552c57874503c48d7bb444cad3074f9b1cf5acdb0f994bdb54b38704acb2465

Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.

Loads dropped DLL

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.

Suspicious use of SetThreadContext