General
-
Target
Ziraat Bankasi Swift Mesaji 2021.exe
-
Size
319KB
-
Sample
210510-n59bkxzab6
-
MD5
559dc6ccbd4b4ea55677f524f95372f9
-
SHA1
9eb64c1666f529bf8ae443008853bf6e7cf7d4b2
-
SHA256
58b8457797f88443a07f9c033039776fa7c5834eeee4d4b5af353ab159bd85e8
-
SHA512
bc8d02b54b439b3329dfb4168862e6776fd0af05ca88d3c309a8d4305b0980ee4bc45d971b93bced2df1fc1f13db171b57aeff132dbad3423b47440ad7431fae
Static task
static1
Behavioral task
behavioral1
Sample
Ziraat Bankasi Swift Mesaji 2021.exe
Resource
win7v20210408
Behavioral task
behavioral2
Sample
Ziraat Bankasi Swift Mesaji 2021.exe
Resource
win10v20210408
Malware Config
Extracted
azorult
http://bengalcement.com.bd/AxPu/index.php
Targets
Target
Ziraat Bankasi Swift Mesaji 2021.exe
Score
10/10
-
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext