General
-
Target
Ziraat Bankasi Swift Mesaji.exe
-
Size
158KB
-
Sample
210430-g2dmay5kes
-
MD5
c4c2cdc0caf80d285c13ea9b5aa7f265
-
SHA1
b237134d1bbd951f57025ab0547e2489f3796ee6
-
SHA256
e3fe60d8a1026a8919ef0dc81ad619db81d992a7f653a1996689f8e35b320c9a
-
SHA512
7fbbcd61c61964f2529c257c55345da113b85f6331d92eef5af8bfb7a6c11a810f20a2f89371648ca633e53a674501ab55bc736bc41c3c44363f2886f3944236
Static task
static1
Behavioral task
behavioral1
Sample
Ziraat Bankasi Swift Mesaji.exe
Resource
win7v20210410
Behavioral task
behavioral2
Sample
Ziraat Bankasi Swift Mesaji.exe
Resource
win10v20210410
Malware Config
Extracted
azorult
http://smkn1cilegon.sch.id/MnAew/index.php
Targets
-
-
Target
Ziraat Bankasi Swift Mesaji.exe
-
Size
158KB
-
MD5
c4c2cdc0caf80d285c13ea9b5aa7f265
-
SHA1
b237134d1bbd951f57025ab0547e2489f3796ee6
-
SHA256
e3fe60d8a1026a8919ef0dc81ad619db81d992a7f653a1996689f8e35b320c9a
-
SHA512
7fbbcd61c61964f2529c257c55345da113b85f6331d92eef5af8bfb7a6c11a810f20a2f89371648ca633e53a674501ab55bc736bc41c3c44363f2886f3944236
Score10/10-
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-