Overview

overview

10

Static

static

1

ZiraatTRK6575740.exe

windows7_x64

7

ZiraatTRK6575740.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ZiraatTRK6575740.r19

  • Size

    216KB

  • Sample

    210407-c5a6p5xt8n

  • MD5

    f4950efed5a367a786650b56eca94bc6

  • SHA1

    30d68a629e5c49a768da34ed4af28143d1cad1fc

  • SHA256

    684b9acd2a79e7ca09e996a6f6c9788c997eef5085558939cf5b125f7c39cf56

  • SHA512

    2fbf4a815a800bbd93da1ac2a3c0fd448ec3e2499d9eb63b1850e44028a6c6cd98e350a94f4abd3d65e423bd9429bb6465522430fd2278ee7fa9148a1f0b1515

Score
10/10
azorultinfostealerspywarestealertrojan

Malware Config

Extracted

Family

azorult

C2

http://bengalcement.com.bd/AxPu/index.php

Targets

    • Target

      ZiraatTRK6575740.exe

    • Size

      345KB

    • MD5

      710472a8addb7f60ad0cf827edc0f51a

    • SHA1

      6f0a0dd32734de4b5529c87d5b73001bb8a2b37f

    • SHA256

      07901d29fd52f346dfc7af58c41499260674510d887bedb11e9a5c9a87967c85

    • SHA512

      42b295bb466ac87d441aa7bbbe22ce49e66079dbf28e58eb9ce8fdec82a716afb719ea2c94b68edc6e891a67937a52a561a232edb093687ca0dfec77d83cc1ee

    Score
    10/10
    azorultinfostealerspywarestealertrojan

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

      trojaninfostealerazorult

    • Loads dropped DLL

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2
T1081

Discovery

System Information Discovery

2
T1082

Query Registry

1
T1012

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Tasks