General
-
Target
ZiraatTRK6575740.r19
-
Size
216KB
-
Sample
210407-c5a6p5xt8n
-
MD5
f4950efed5a367a786650b56eca94bc6
-
SHA1
30d68a629e5c49a768da34ed4af28143d1cad1fc
-
SHA256
684b9acd2a79e7ca09e996a6f6c9788c997eef5085558939cf5b125f7c39cf56
-
SHA512
2fbf4a815a800bbd93da1ac2a3c0fd448ec3e2499d9eb63b1850e44028a6c6cd98e350a94f4abd3d65e423bd9429bb6465522430fd2278ee7fa9148a1f0b1515
Static task
static1
Behavioral task
behavioral1
Sample
ZiraatTRK6575740.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
ZiraatTRK6575740.exe
Resource
win10v20201028
Malware Config
Extracted
azorult
http://bengalcement.com.bd/AxPu/index.php
Targets
-
Target
ZiraatTRK6575740.exe
-
Size
345KB
-
MD5
710472a8addb7f60ad0cf827edc0f51a
-
SHA1
6f0a0dd32734de4b5529c87d5b73001bb8a2b37f
-
SHA256
07901d29fd52f346dfc7af58c41499260674510d887bedb11e9a5c9a87967c85
-
SHA512
42b295bb466ac87d441aa7bbbe22ce49e66079dbf28e58eb9ce8fdec82a716afb719ea2c94b68edc6e891a67937a52a561a232edb093687ca0dfec77d83cc1ee
Score
10/10
-
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-